Discovery and Resolution of Anomalies in Web Access Control Policies

Hu, Hongxin; Ahn, Gail-Joon; Kulkarni, Ketan

doi:10.1109/tdsc.2013.18

Cited by 44 publications

(31 citation statements)

References 24 publications

(43 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…(2) The second group put forward policy redundancy detecting methods by establishing research models and relevant mechanisms. Aiming at this problem, Hu et al [23] indicated that the Internet provides users with more convenient services, and at the same time the information system suffers from security attacks caused by unauthorized operations in business service. Besides, the design and management of the Web access control policy are always prone to errors for lack of efficient analysis mechanisms and tools.…”

Section: Mathematical Problems In Engineeringmentioning

confidence: 99%

Elimination of the Redundancy Related to Combining Algorithms to Improve the PDP Evaluation Performance

Fan

Zhang

Zhou

et al. 2016

Mathematical Problems in Engineering

View full text Add to dashboard Cite

If there are lots of redundancies in the policies loaded on the policy decision point (PDP) in the authorization access control model, the system will occupy more resources in operation and consumes plenty of evaluation time and storage space. In order to detect and eliminate policy redundancies and then improve evaluation performance of the PDP, a redundancy related to combining algorithms detecting and eliminating engine is proposed in this paper. This engine cannot only detect and eliminate the redundancy related to combining algorithms, but also evaluate access requests. A Resource Brick Wall is constructed by the engine according to the resource attribute of a policy's target attributes. By the Resource Brick Wall and the policy/rule combining algorithms, three theorems for detecting redundancies related to combining algorithms are proposed. A comparison of the evaluation performance of the redundancy related to combining algorithms detecting and eliminating engine with that of Sun PDP is made. Experimental results show that the evaluation performance of the PDP can be prominently improved by eliminating the redundancy related to combining algorithms.

show abstract

Section: Mathematical Problems In Engineeringmentioning

confidence: 99%

Elimination of the Redundancy Related to Combining Algorithms to Improve the PDP Evaluation Performance

Fan

Zhang

Zhou

et al. 2016

Mathematical Problems in Engineering

View full text Add to dashboard Cite

show abstract

“…There have also been significant advances in the area of policy conflict detection and resolution in relation with network policy such as [4] [5] [12] [13]. The novel policy conflict and anomaly detection techniques coupled with the resolution strategies have been proposed in [13].…”

Section: Related Workmentioning

confidence: 99%

Policy-driven security management for fog computing: Preliminary framework and a case study

Dsouza

Ahn

Taguinod

2014

Proceedings of the 2014 IEEE 15th International Conference on Information Reuse and Integration (IEEE IRI 2014)

Self Cite

182

View full text Add to dashboard Cite

With the increasing user demand for elastic provisioning of resources coupled with ubiquitous and on-demand access to data, cloud computing has been recognized as an emerging technology to meet such dynamic user demands. In addition, with the introduction and rising use of mobile devices, the Internet of Things (IoT) has recently received considerable attention since the IoT has brought physical devices and connected them to the Internet, enabling each device to share data with surrounding devices and virtualized technologies in real-time. Consequently, the exploding data usage requires a new, innovative computing platform that can provide robust real-time data analytics and resource provisioning to clients. As a result, fog computing has recently been introduced to provide computation, storage and networking services between the end-users and traditional cloud computing data centers. This paper proposes a policy-based management of resources in fog computing, expanding the current fog computing platform to support secure collaboration and interoperability between different user-requested resources in fog computing.

show abstract

“…Margrave uses MTBDDs to supports two types of analysis: policy querying, which analyzes access requests evaluated to a certain decision, and change-impact analysis, which is used to compare policies. Another policy analysis tool that employs BDDs for the encoding of XACML policies is XAnalyzer [15]. XAnalyzer uses a policy-based segmentation technique to detect and resolve policy anomalies such as redundancy and conflicts.…”

Section: Related Workmentioning

confidence: 99%

“…This need has spurred the development of several methods and tools for the verification of policy specifications at design time using formal reasoning [4,8,11,15,16]. The security properties being verified can express requirements on the policies but also on relations between policies.…”

Section: Introductionmentioning

confidence: 99%

Analysis of XACML Policies with SMT

Türkmen

Hartog

Ranise

et al. 2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. The eXtensible Access Control Markup Language (XACML) is an extensible and flexible XML language for the specification of access control policies. However, the richness and flexibility of the language (along with the verbose syntax of XML) come with a price: errors are easy to make and difficult to detect when policies grow in size. If these errors are not detected and rectified, they can result in serious data leakage and/or privacy violations leading to significant legal and financial consequences. To assist policy authors in the analysis of their policies, several policy analysis tools have been proposed based on different underlying formalisms. However, most of these tools either abstract away functions over non-Boolean domains (hence they cannot provide information about them) or produce very large encodings which hinder the performance. In this paper, we present a generic policy analysis framework that employs SMT as the underlying reasoning mechanism. The use of SMT does not only allow more fine-grained analysis of policies but also improves the performance. We demonstrate that a wide range of security properties proposed in the literature can be easily modeled within the framework. A prototype implementation and its evaluation are also provided.

show abstract

Discovery and Resolution of Anomalies in Web Access Control Policies

Cited by 44 publications

References 24 publications

Elimination of the Redundancy Related to Combining Algorithms to Improve the PDP Evaluation Performance

Elimination of the Redundancy Related to Combining Algorithms to Improve the PDP Evaluation Performance

Policy-driven security management for fog computing: Preliminary framework and a case study

Analysis of XACML Policies with SMT

Contact Info

Product

Resources

About