Generation of Transmission Control Rules Compliant with Existing Access Control Policies

Abstract: Abstract. Access Control (AC) is a well known mechanism that allows access restriction to resources. Nevertheless, it does not provide notification when a resource is retransmitted to an unauthorized third party. To overcome this issue, one can use mechanisms such as Data Loss/Leak Prevention (DLP) or Transmission Control (TC). These mechanisms are based on policies that are defined by security experts. Unfortunately, these policies can contradict existing AC rules, leading to security leakage (i.e. a legitima… Show more

“…Subjects store their capabilities as sets of pairs (x i , tRu), where x represents a resource and tRu represents the set of access rights to the resource granted to the subject. PBAC allows flexible management of access rules using policies -expressed as sets of rules combined to decide authorization and determine authorization level -and can be seen as a standardization of ABAC for governance-oriented structures [33]. Restricting user access to resources using an access control API has been introduced earlier [34,7], as well as limiting access to data based on higher-level attributes (e.g.…”

SDN Access Control for the Masses

“…Subjects store their capabilities as sets of pairs (x i , tRu), where x represents a resource and tRu represents the set of access rights to the resource granted to the subject. PBAC allows flexible management of access rules using policies -expressed as sets of rules combined to decide authorization and determine authorization level -and can be seen as a standardization of ABAC for governance-oriented structures [33]. Restricting user access to resources using an access control API has been introduced earlier [34,7], as well as limiting access to data based on higher-level attributes (e.g.…”

SDN Access Control for the Masses