Inconsistency detection method for access control policies

Shaikh, Riaz Ahmed; Adi, Kamel; Logrippo, Luigi; Mankovski, Serge

doi:10.1109/isias.2010.5604062

Cited by 14 publications

(11 citation statements)

References 13 publications

(19 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several works [29,1,22,12,11,8,20] have proposed techniques to detect inconsistencies and redundancies in XACML or extensions of RBAC policies by leveraging a variety of verification engines. None of these works provides decidability and complexity results of the analysis techniques as we do in this paper.…”

Section: Related Work and Discussionmentioning

confidence: 99%

Automated and Efficient Analysis of Role-Based Access Control with Attributes

Armando

Ranise²

2012

Data and Applications Security and Privacy XXVI

View full text Add to dashboard Cite

Section: Related Work and Discussionmentioning

confidence: 99%

Automated and Efficient Analysis of Role-Based Access Control with Attributes

Armando

Ranise²

2012

Data and Applications Security and Privacy XXVI

View full text Add to dashboard Cite

“…The complexity of access control policy revision is dependent on a number of factors, such as the number of users, number of roles, and number of resources. Due to these factors, one important aspect is to guarantee policy completeness [57] and consistency [58].…”

Section: T) ∧ P Er-t R-a(tr Evaluator = {(Read Obj B ) (Write Obj mentioning

confidence: 99%

Work-Based Access Control Model for Cooperative Healthcare Environments: Formal Specification and Verification

Abomhara

Yang

Køien

et al. 2017

J Healthc Inform Res

View full text Add to dashboard Cite

In this study, an access control model for cooperative healthcare environments is presented. A work-based access control (WBAC) model is proposed by introducing the concept of team role classification based on Belbin team role theory and modifying the user-role assignment model from previous work. Roles are used in conjunction with team roles to handle access control in dynamic collaborative environments. To evaluate and analyze the security, efficiency, and practicality of the proposed model, we first formalize the model (events and policies), define the basic element set and relations in the WBAC model, present the WBAC authorization constraints, and define the WBAC access control decision function. Second, we evaluate the model's security and manageability validity to ensure that the security and management requirements of our WBAC model are met. Finally, we evaluate the performance of the proposed model and compare it with relevant existing models.

show abstract

“…Trees Decision trees [12] are well-known for expressing access control logic [14] [16]. They are in fact the most efficient representation from the point of view of request processing by a PDP, since a subtree will be explored only if its parent edge satisfies the request.…”

Section: Expressing Access Control Requirements As Decisionmentioning

confidence: 99%

“…Currently the policy compression algorithm from [9] cannot handle such cases. Solutions to include absent attributes are proposed in [16] where they are called missing attributes. However, the use of such an approach is for further study.…”

Section: B Handling Absent Attributesmentioning

confidence: 99%

Challenges of Composing XACML Policies

Stepien

Felty

Matwin

2014

2014 Ninth International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Abstract-XACML (eXtensible Access Control MarkupLanguage) is a declarative access control policy language that has unique language constructs for factoring out access control logic. These constructs make the specification of access control requirements more compact than decision trees, which can be considered the most natural way to specify access control logic. However, many publications report that performance of XACML policy decision point (PDP) engines is greatly affected by the structure of policy sets. In this paper we first explore the causes of potential inefficiencies of XACML policies, and then propose a procedure to re-structure policy sets vertically by modifying the distribution of access control logic among different configurations of structural elements, in order to remove much of this inefficiency. This is in contrast to horizontal re-ordering of constant structural elements. Our procedure can be applied regardless of the complexity and structure of the original policy set. We also compare the performance of policy sets that take advantage of the expressive power of XACML targets to decision trees.

show abstract

Inconsistency detection method for access control policies

Cited by 14 publications

References 13 publications

Automated and Efficient Analysis of Role-Based Access Control with Attributes

Automated and Efficient Analysis of Role-Based Access Control with Attributes

Work-Based Access Control Model for Cooperative Healthcare Environments: Formal Specification and Verification

Challenges of Composing XACML Policies

Contact Info

Product

Resources

About