Automated Certification of Authorisation Policy Resistance

Griesmayer, Andreas; Morisset, Charles

doi:10.1007/978-3-642-40203-6_32

Cited by 6 publications

(8 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For instance, attribute-hiding attacks is studied in [9], and it is shown that hiding an attribute can lead a decisionmaker to permit an access that would have been denied with full knowledge of the environment. Hence, integrating multiple influencers could provide a model characterising the conflicting influences over decision-makers, between security mechanisms and attackers.…”

Section: Resultsmentioning

confidence: 99%

Nudging for Quantitative Access Control Systems

Morisset

Groβ

Moorsel

et al. 2014

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. We propose in this paper a formal model for soft enforcement, where a decision-maker is influenced towards a decision, rather than forced to select that decision. This novel type of enforcement is particularly useful when the policy enforcer cannot fully control the environment of the decision-maker, as we illustrate in the context of attribute-based access control, by limiting the control over attributes. We also show that soft enforcement can improve the security of the system when the influencer is uncertain about the environment, and when neither forcing the decision-maker nor leaving them make their own selection is optimal. We define the general notion of optimal influencing policy, that takes into account both the control of the influencer and the uncertainty in the system.

show abstract

Section: Resultsmentioning

confidence: 99%

Nudging for Quantitative Access Control Systems

Morisset

Groβ

Moorsel

et al. 2014

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…Morisset and Griesmeyer showed that it is sufficient to only consider requests comprising attribute name-value pairs that explicitly occur in the PTaCL policy [7]. In particular, it is not necessary to consider (n, v) for every possible value of v that n can take.…”

Section: Abstract Evaluationmentioning

confidence: 98%

“…For instance, we give below the PTaCL definition for the policy p1 defined in Section 2.2, using the syntax of the tool ATRAP [7], where Ptar is the constructor for target policies, Ppov for the operator , Pdov for the operator , Topt for the operator ∼ and Tstrongand for the operator˜ :…”

Section: Target and Policiesmentioning

confidence: 99%

“…Our work relies clearly on the PTaCL language [5] together with the definition of the ATRAP tool [7], which automatically analyses the safety of PTaCL policies. The notion of reducing complex decisions to simple, conclusive ones is also addressed in recent work [10], which focuses on decisions and operators, whereas we focus here on attribute retrieval.…”

Section: Background and Related Workmentioning

confidence: 99%

See 1 more Smart Citation

On Missing Attributes in Access Control

Crampton

Morisset

Zannone

2015

Proceedings of the 20th ACM Symposium on Access Control Models and Technologies

Self Cite

View full text Add to dashboard Cite

Attribute Based Access Control (ABAC) is becoming the reference model for the specification and evaluation of access control policies. In ABAC policies and access requests are defined in terms of pairs attribute names/values. The applicability of an ABAC policy to a request is determined by matching the attributes in the request with the attributes in the policy. Some languages supporting ABAC, such as PTaCL or XACML 3.0, take into account the possibility that some attributes values might not be correctly retrieved when the request is evaluated, and use complex decisions, usually describing all possible evaluation outcomes, to account for missing attributes. In this paper, we argue that the problem of missing attributes in ABAC can be seen as a non-deterministic attribute retrieval process, and we show that the current evaluation mechanism in PTaCL or XACML can return a complex decision that does not necessarily match with the actual possible outcomes. This, however, is problematic for the enforcing mechanism, which needs to resolve the complex decision into a conclusive one. We propose a new evaluation mechanism, explicitly based on non-deterministic attribute retrieval for a given request. We extend this mechanism to probabilistic attribute retrieval and implement a probabilistic policy evaluation mechanism for PTaCL in PRISM, a probabilistic model-checker.

show abstract

“…For example, for the attribute-based language PTaCL [3] a tool ATRAP was developed in [6] that automatically searches for such attacks and -in their absence -constructs a formal proof of their absence.…”

Section: Usability Issues Of Peal +mentioning

confidence: 99%

On Designing Usable Policy Languages for Declarative Trust Aggregation

Huth

Kuo

2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We argue that there will be an increasing future need for the design and implementation of declarative languages that can aggregate trust evidence and therefore inform the decision making of IT systems at run-time. We first present requirements for such languages. Then we discuss an instance of such a language, Peal + , which extends an early prototype Peal that was researched by others in collaboration with us. Next, we formulate the intuitive semantics of Peal + , present a simple use case of it, and evaluate to what extent Peal + meets our formulated requirements. In this evaluation, particular attention is given to the usability aspects of declarative languages that mean to aggregate trust evidence.

show abstract

Automated Certification of Authorisation Policy Resistance

Cited by 6 publications

References 22 publications

Nudging for Quantitative Access Control Systems

Nudging for Quantitative Access Control Systems

On Missing Attributes in Access Control

On Designing Usable Policy Languages for Declarative Trust Aggregation

Contact Info

Product

Resources

About