Authorization recycling in hierarchical RBAC systems

Wei, Qiang; Crampton, Jason; Beznosov, Konstantin; Ripeanu, Matei

doi:10.1145/1952982.1952985

Cited by 12 publications

(12 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As part of future work, we plan to assess the end-to-end performance of a system integrating MORRO under different evaluation settings, such as a production configuration deployed on an elastic cloud infrastructure. We also plan to optimize MORRO in terms of time efficiency by adopting cache-based enforcement [24,52], and in terms of space efficiency, by adopting the Kevoree Modeling Framework (KMF) [22], which is optimized for manipulating models at run time on large distributed systems.…”

Section: Discussionmentioning

confidence: 99%

Model-driven run-time enforcement of complex role-based access control policies

Fadhel

Bianculli

Briand

2018

Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering

View full text Add to dashboard Cite

A Role-based Access Control (RBAC) mechanism prevents unauthorized users to perform an operation, according to authorization policies which are defined on the user's role within an enterprise. Several models have been proposed to specify complex RBAC policies. However, existing approaches for policy enforcement do not fully support all the types of policies that can be expressed in these models, which hinders their adoption among practitioners.In this paper we propose a model-driven enforcement framework for complex policies captured by GemRBAC+CTX, a comprehensive RBAC model proposed in the literature. We reduce the problem of making an access decision to checking whether a system state (from an RBAC point of view), expressed as an instance of the Gem-RBAC+CTX model, satisfies the constraints corresponding to the RBAC policies to be enforced at run time. We provide enforcement algorithms for various types of access requests and events, and a prototype tool (MORRO) implementing them. We also show how to integrate MORRO into an industrial Web application. The evaluation results show the applicability of our approach on a industrial system and its scalability with respect to the various parameters characterizing an AC configuration. CCS CONCEPTS• Security and privacy → Access control; • Software and its engineering → Model-driven software engineering; KEYWORDS role-based access control, enforcement, policies, model-driven engineering ACM Reference Format:

show abstract

Section: Discussionmentioning

confidence: 99%

Model-driven run-time enforcement of complex role-based access control policies

Fadhel

Bianculli

Briand

2018

Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering

View full text Add to dashboard Cite

show abstract

“…However, it is also worth pointing out that concrete access control policies tend to be more structured than randomly generated ones, and as such, model checking can be more efficient. In addition, some decisions can be cached [16]. Hence, these results should not necessarily be interpreted as providing an average computation time based on the size of the policy, but rather as an indication that · N can be first used for evaluation, since it is relatively fast, and in case of indeterminacy, · min and · max can be used to try to decide on a conclusive decision based on the probabilities of the decisions.…”

Section: Performance Evaluationmentioning

confidence: 99%

On Missing Attributes in Access Control

Crampton

Morisset

Zannone

2015

Proceedings of the 20th ACM Symposium on Access Control Models and Technologies

Self Cite

View full text Add to dashboard Cite

Attribute Based Access Control (ABAC) is becoming the reference model for the specification and evaluation of access control policies. In ABAC policies and access requests are defined in terms of pairs attribute names/values. The applicability of an ABAC policy to a request is determined by matching the attributes in the request with the attributes in the policy. Some languages supporting ABAC, such as PTaCL or XACML 3.0, take into account the possibility that some attributes values might not be correctly retrieved when the request is evaluated, and use complex decisions, usually describing all possible evaluation outcomes, to account for missing attributes. In this paper, we argue that the problem of missing attributes in ABAC can be seen as a non-deterministic attribute retrieval process, and we show that the current evaluation mechanism in PTaCL or XACML can return a complex decision that does not necessarily match with the actual possible outcomes. This, however, is problematic for the enforcing mechanism, which needs to resolve the complex decision into a conclusive one. We propose a new evaluation mechanism, explicitly based on non-deterministic attribute retrieval for a given request. We extend this mechanism to probabilistic attribute retrieval and implement a probabilistic policy evaluation mechanism for PTaCL in PRISM, a probabilistic model-checker.

show abstract

“…There has been some interest in recent years in reusing, recycling or caching authorization decisions at policy enforcement points in order to avoid recomputing decisions [7,28,29,36]. These techniques have perceived benefit, in particular, in large-scale, distributed, systems due to demands for reduced latency and a resilience to intermittent communications failures.…”

Section: Chinese Wallmentioning

confidence: 99%

Relationships, Paths and Principal Matching: A New Approach to Access Control

Crampton,

Sellwood

2015

Preprint

Self Cite

View full text Add to dashboard Cite

Recent work on relationship-based access control has begun to show how it can be applied to general computing systems, as opposed to simply being employed for social networking applications. The use of relationships to determine authorization policies enables more powerful policies to be defined than those based solely on the commonly used concept of role membership.The relationships, paths and principal matching (RPPM) model described here is a formal access control model using relationships and a two-stage request evaluation process. We make use of path conditions, which are similar to regular expressions, to define policies. We then employ non-deterministic finite automata to determine which policies are applicable to a request.The power and robustness of the RPPM model allows us to include contextual information in the authorization process (through the inclusion of logical entities) and allows us to support desirable policy foundations such as separation of duty and Chinese Wall. Additionally, the RPPM model naturally supports a caching mechanism which has significant impact on request evaluation performance.

show abstract

Authorization recycling in hierarchical RBAC systems

Cited by 12 publications

References 23 publications

Model-driven run-time enforcement of complex role-based access control policies

Model-driven run-time enforcement of complex role-based access control policies

On Missing Attributes in Access Control

Relationships, Paths and Principal Matching: A New Approach to Access Control

Contact Info

Product

Resources

About