A Formal Framework for Trust Policy Negotiation in Autonomic Systems: Abduction with Soft Constraints

Bistarelli, Stefano; Martinelli, Fabio; Santini, Francesco

doi:10.1007/978-3-642-16576-4_20

Cited by 11 publications

(12 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We will draw upon work from trust access control [27], cost associated trust access control [4], and utility [18] in order to build a formal framework for specifying clear controls that prevent wrongful adaptation. Further research into SAAF will also focus on the marriage of SAAF with other technologies that aid in identifying misuse, such as intrusion detection technologies that are capable of analyzing misuse at the resource level.…”

Section: Resultsmentioning

confidence: 99%

See 1 more Smart Citation

Self-adaptive federated authorization infrastructures

Bailey

Chadwick

Lemos

2014

Journal of Computer and System Sciences

View full text Add to dashboard Cite

Abstract-Authorization infrastructures are an integral part of any network where resources need to be protected. They act as the gateway for providing (or denying) subjects (users) access to resources. As networks expand and organizations start to federate access to their resources, authorization infrastructures become increasingly difficult to manage. In this paper, we explore the automatic adaptation of authorization assets (policies and subject access rights) in order to manage federated authorization infrastructures. We demonstrate adaptation through a Self-Adaptive Authorization Framework (SAAF) controller that is capable of managing policy based federated role/attribute access control authorization infrastructures. The SAAF controller implements a feedback loop to monitor the authorization infrastructure in terms of its assets and subjects' behavior, analyze potential adaptations for handling abnormal behavior, and act upon assets of an authorization infrastructure for changing its configuration. A prototype of the SAAF controller is evaluated in a federated authorization infrastructure (federation) built with SimpleSAMLphp, in which a PERMIS standalone authorization server protects a service provider's resources, and identity providers utilize LDAP directories to store subject authentication and authorization attributes.

show abstract

Section: Resultsmentioning

confidence: 99%

“…Trust PDPs [26] and trust policies [27] also can improve upon traditional authorization. The use of trust policies is a method in which either a group of users or an individual's trust is calculated, for example, based on the attributes they own.…”

Section: Related Workmentioning

confidence: 99%

Self-adaptive federated authorization infrastructures

Bailey

Chadwick

Lemos

2014

Journal of Computer and System Sciences

View full text Add to dashboard Cite

show abstract

“…The overall goal of dynamic access control is to reduce human intervention, make access control more responsive to attacks, and more cost effective. Several techniques have been proposed, including, resource usage [57], temporal properties [34], risk [41], and trust [12,65]. For example, in usage control [57] a perception of user activity is maintained over time and evaluated against thresholds of usage (e.g., a staff member may not print more than 100 pages per day), alongside traditional access control rules (e.g., a user must be assigned the role of staff to print).…”

Section: Static and Dynamic Access Controlmentioning

confidence: 99%

Challenges in Engineering Self-Adaptive Authorisation Infrastructures

Montrieux¹,

Lemos²,

Bailey³

2019

Engineering Adaptive Software Systems

View full text Add to dashboard Cite

As organisations expand and interconnect, authorisation infrastructures become increasingly difficult to manage. Several solutions have been proposed, including self-adaptive authorisation, where the access control policies are dynamically adapted at run-time to respond to misuse and malicious behaviour. The ultimate goal of self-adaptive authorisation is to reduce human intervention, make authorisation infrastructures more responsive to malicious behaviour, and manage access control in a more cost effective way. In this paper, we scope and define the emerging area of self-adaptive authorisation by describing some of its developments, trends and challenges. For that, we start by identifying key concepts related to access control and authorisation infrastructures, and provide a brief introduction to self-adaptive software systems, which provides the foundation for investigating how self-adaptation can enable the enforcement of authorisation policies. The outcome of this study is the identification of several technical challenges related to self-adaptive authorisation, which are classified according to the different stages of a feedback control loop.

show abstract

“…Definition 1: [Deduction with soft constraints [2], [14]] Given a soft constraint store that represents the current knowledge in terms of credentials ( = ⊗ credentials), and a soft constraint , which represents a request access, if ⊢ then the store entails (i.e., deduces) . The entailment ⊢ (see Section II-A) consequently implements the deduction operator.…”

Section: A Deductionmentioning

confidence: 99%

“…Definition 2: [Abduction with soft constraints [2], [14]] Given a soft constraint store and a soft constraint such that ∕ ⊢ , then the abduction process is aimed at finding a constraint , such that ⊗ ⊢ , i.e., = ⊖ ÷ (see Sec. II-A for the formal definition of ⊖ ÷).…”

Section: B Abductionmentioning

confidence: 99%

An Improved Role-Based Access to Android Applications with JCHR

Bistarelli

Costantino

Martinelli

et al. 2014

2014 Ninth International Conference on Availability, Reliability and Security

Self Cite

View full text Add to dashboard Cite

In this paper we show how deductive and abductive reasoning in distributed authorisation can be efficiently ported to Android. Such logical-inference processes prove to be important tools due to the intrinsic autonomic-nature of these mobile devices. Both deduction and abduction are represented by using Constraint Handling Rules (CHR), a high-level declarative constraint programming-language, and implemented in JCHR (CHR embedded into Java). To represent credentials we elaborate on RT , a weighted Role-based Trust-management family of languages: CHR programs are developed after such languages. In general, having weights associated with credentials leads to a more informative reasoning; for instance, access can be granted only if the total uncertainty is less than 20%.

show abstract

A Formal Framework for Trust Policy Negotiation in Autonomic Systems: Abduction with Soft Constraints

Cited by 11 publications

References 17 publications

Self-adaptive federated authorization infrastructures

Self-adaptive federated authorization infrastructures

Challenges in Engineering Self-Adaptive Authorisation Infrastructures

An Improved Role-Based Access to Android Applications with JCHR

Contact Info

Product

Resources

About