Provenance-Based Analytics Services for Access Control Policies

Bertino, Elisa; Jabal, Amani Abu; Calo, Seraphin; Makaya, Christian; Touma, Maroun; Verma, Dinesh; Williams, Christopher

doi:10.1109/services.2017.24

Cited by 9 publications

(6 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Signed authorizations have been widely investigated [186], and also introduced in access control systems of commercial products (e.g., the access control model of SQL Server provides the negative authorization by the DENY authorization command SQL [9]). See [41] for a denition of RBAC with signed authorizations.…”

Section: Role-based Access Control (Rbac)mentioning

confidence: 99%

“…The notion of policy quality was introduced by Bertino et al [41] as a set of basic policy requirements. Assuring the quality of a set of policies can be stated as the problem of making sure that the set of policies be consistent, minimal, relevant, complete, and correct.…”

Section: Assessment Of Policy Alitymentioning

confidence: 99%

“…In particular, none of the systems is able to support the analysis of policies with respect to all the policy quality requirements. In the access control policy domain, Bertino et al [41] consider all the quality requirements except correctness, while in the network policy domain, the Mirage [83] and FPA [17][18][19][20] frameworks consider all the quality requirements except completeness. Fig.…”

Section: Comparisonmentioning

confidence: 99%

See 2 more Smart Citations

Methods and Tools for Policy Analysis

et al. 2019

Self Cite

View full text Add to dashboard Cite

Policy-based management of computer systems, computer networks and devices is a critical technology especially for present and future systems characterized by large-scale systems with autonomous devices, such as robots and drones. Maintaining reliable policy systems requires ecient and eective analysis approaches to ensure that the policies verify critical properties, such as correctness and consistency. In this paper, we present an extensive overview of methods for policy analysis. Then, we survey policy analysis systems and frameworks that have been proposed and compare them under various dimensions. We conclude the paper by outlining novel research directions in the area of policy analysis.

show abstract

Section: Role-based Access Control (Rbac)mentioning

confidence: 99%

Section: Assessment Of Policy Alitymentioning

confidence: 99%

Section: Comparisonmentioning

confidence: 99%

See 1 more Smart Citation

Methods and Tools for Policy Analysis

et al. 2019

Self Cite

View full text Add to dashboard Cite

show abstract

“…"Low quality" examples include inconsistent responses to similar requests and requests associated with irrelevant responses which do not reflect appropriate decisions of a policies (i.e., 'not applicable' decision for XACML policies). Formal definitions of "low quality" examples can be adapted from the definitions of "low quality" policies by Bertino et al [14], [31]. These formal definitions enable analyzing policies [31], [32].…”

Section: Access Control Policiesmentioning

confidence: 99%

“…Formal definitions of "low quality" examples can be adapted from the definitions of "low quality" policies by Bertino et al [14], [31]. These formal definitions enable analyzing policies [31], [32]. Similarly, adapted definitions for "low quality" examples can enable analyzing and refining the example dataset to obtain a noisefree one.…”

Section: Access Control Policiesmentioning

confidence: 99%

Generative Policies for Coalition Systems - A Symbolic Learning Framework

Bertino

White²,

Lobo

et al. 2019

2019 IEEE 39th International Conference on Distributed Computing Systems (ICDCS)

Self Cite

View full text Add to dashboard Cite

Policy systems are critical for managing missions and collaborative activities carried out by coalitions involving different organizations. Conventional policy-based management approaches are not suitable for next-generation coalitions that will involve not only humans, but also autonomous computing devices and systems. It is critical that those parties be able to generate and customize policies based on contexts and activities. This paper introduces a novel approach for the autonomic generation of policies by autonomous parties. The framework combines context free grammars, answer set programs, and inductionbased learning. It allows a party to generate its own policies, based on a grammar and some semantic constraints, by learning from examples. The paper also outlines initial experiments in the use of such a symbolic approach and outlines relevant research challenges, ranging from explainability to quality assessment of policies.

show abstract