On the Decidability of the Safety Problem for Access Control Policies

Kleiner, E.; Newcomb, Tom

doi:10.1016/j.entcs.2007.05.032

Cited by 10 publications

(4 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This can be viewed as a reachability question somewhat analogous to the cell biology one: can a user with certain access privileges (analogous to a molecule with the ability to cross certain types of membranes) reach (i.e., gain access to) a target asset or resource (e.g., confidential data) that was supposed to be protected? This question is undecidable-there is no algorithm that can answer it in general-although restricted access control policies and rights allocations can be designed that allow some safety specifications to be achieved (Kleiner & Newcomb, 2007).…”

Section: Undecidable Questions In Hazard Identification and Probabilimentioning

confidence: 99%

Answerable and Unanswerable Questions in Risk Analysis with Open‐World Novelty

Cox

2020

Risk Analysis

View full text Add to dashboard Cite

Decision analysis and risk analysis have grown up around a set of organizing questions: what might go wrong, how likely is it to do so, how bad might the consequences be, what should be done to maximize expected utility and minimize expected loss or regret, and how large are the remaining risks? In probabilistic causal models capable of representing unpredictable and novel events, probabilities for what will happen, and even what is possible, cannot necessarily be determined in advance. Standard decision and risk analysis questions become inherently unanswerable ("undecidable") for realistically complex causal systems with "open-world" uncertainties about what exists, what can happen, what other agents know, and how they will act. Recent artificial intelligence (AI) techniques enable agents (e.g., robots, drone swarms, and automatic controllers) to learn, plan, and act effectively despite open-world uncertainties in a host of practical applications, from robotics and autonomous vehicles to industrial engineering, transportation and logistics automation, and industrial process control. This article offers an AI/machine learning perspective on recent ideas for making decision and risk analysis (even) more useful. It reviews undecidability results and recent principles and methods for enabling intelligent agents to learn what works and how to complete useful tasks, adjust plans as needed, and achieve multiple goals safely and reasonably efficiently when possible, despite open-world uncertainties and unpredictable events. In the near future, these principles could contribute to the formulation and effective implementation of more effective plans and policies in business, regulation, and public policy, as well as in engineering, disaster management, and military and civil defense operations. They can extend traditional decision and risk analysis to deal more successfully with open-world novelty and unpredictable events in large-scale real-world planning, policymaking, and risk management.

show abstract

Section: Undecidable Questions In Hazard Identification and Probabilimentioning

confidence: 99%

Answerable and Unanswerable Questions in Risk Analysis with Open‐World Novelty

Cox

2020

Risk Analysis

View full text Add to dashboard Cite

show abstract

“…Recent work in security modeling [13] has focused on the safety problem for security [14]. Since this problem is focused on access control policies rather than information flow policies, there is little application to our Xenon model.…”

Section: The Msl Separation Policymentioning

confidence: 99%

Xenon Formal Security Policy Model

McDermott¹,

Kirby²,

Kang³

et al. 2007

View full text Add to dashboard Cite

Standard Form 298 (Rev. 8-98)Prescribed by ANSI Std. Z39.18Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing this collection of information. Xenon is a high-assurance virtual machine monitor based on the Xen open-source hypervisor. We model the Xenon high-assurance virtual machine monitor's security policy as a conditional non-interference policy, using an event-based paradigm and the Communicating Sequential Processes (CSP) formalism. Our single model formally describes not only the separation of information flow but also the sharing. We also present our strategy for showing correspondence between this model and the Xenon interface. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) SPONSOR / MONITOR'S ACRONYM(S) 9. SPONSORING / MONITORING AGENCY NAME(S) AND ADDRESS(ES) SPONSOR / MONITOR'S REPORT NUMBER(S)

show abstract

“…We shall not discuss the body of work concerning analysis of fixed (i.e., non-administrative) policies. However, we note that the use of model checking in the analysis of access-control policies (e.g., [13]) is useful because there is a wide range of safety questions that can be asked of a policy.…”

Section: Related Workmentioning

confidence: 99%

“…Second: how difficult is it to analyze administrative RBAC policies? (See, e.g., [11,26,16,13,28].) For example, is it decidable (and if so at what cost) to determine whether a user can legally modify the policy to reach a specified state?…”

Section: Introductionmentioning

confidence: 99%

Program synthesis in administration of higher-order permissions

Bruns¹,

Huth

Avijit

2011

Proceedings of the 16th ACM Symposium on Access Control Models and Technologies

View full text Add to dashboard Cite

In "administrative" access control, policy controls permissions not just on application actions, but also on actions to modify permissions, on actions to modify permissions on those actions, and so on. One context of work in administrative policy is "administrative RBAC", in which policy controls the permissions of roles, the membership of roles, and other elements of RBAC access-control state.Here we study and extend the UARBAC model for administrative RBAC from the perspective of usability and expressiveness. Using tools from logic and program verification, we formulate UARBAC logically and develop an algorithm that produces "administrative plans" that achieve specified permissions through permitted actions. This work is closely related to work on the safety problem in administrative access control, but is intended to aid legitimate users in understanding how to achieve a desired access-control state. We then show how this machinery can be used so that administrative actions at any desired depth, and so plans as well, can be uniformly simulated in the existing UARBAC model.

show abstract

On the Decidability of the Safety Problem for Access Control Policies

Cited by 10 publications

References 13 publications

Answerable and Unanswerable Questions in Risk Analysis with Open‐World Novelty

Answerable and Unanswerable Questions in Risk Analysis with Open‐World Novelty

Xenon Formal Security Policy Model

Program synthesis in administration of higher-order permissions

Contact Info

Product

Resources

About