Verification techniques for policy based systems

Karafili, Erisa; Pipes, Stephen; Lupu, Emil

doi:10.1109/uic-atc.2017.8397415

Cited by 3 publications

(5 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A major drawback observed after comparing the various usage control frameworks is the lack of verification and validation tools that can be used to assess the accuracy and the correctness of the proposed usage control mechanisms. When it comes to the broader verification and validation literature, there are a number of possible techniques, such as those examined by Karafili et al [47], which have already been successfully applied to systems that employ model checking, algebraic solutions, abductive reasoning, answer set programming solvers.…”

Section: Usabilitymentioning

confidence: 99%

Usage Control Specification, Enforcement, and Robustness: A Survey

Akaichi¹,

Kirrane²

2022

Preprint

View full text Add to dashboard Cite

The management of data and digital assets poses various challenges, including the need to adhere to legal requirements with respect to personal data protection and copyright. Usage control technologies could be used by software platform providers to manage data and digital assets responsibly and to provide more control to data and digital asset owners. In order to better understand the potential of various usage control proposals, we collate and categorize usage control requirements, compare the predominant usage control frameworks based on said requirements, and identify existing challenges and opportunities that could be used to guide future research directions.CCS Concepts: • Security and privacy → Information accountability and usage control; • Social and professional topics → Computing / technology policy; Intellectual property; Privacy policies.

show abstract

Section: Usabilitymentioning

confidence: 99%

Usage Control Specification, Enforcement, and Robustness: A Survey

Akaichi¹,

Kirrane²

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Policy conflicting affect the systems' security as malicious users can easily exploit the vulnerability to access the system. In literature, many studies have addressed the problem of policy conflicting [9], [10], [11], [12], [13], [14]. These solutions include: using expert system [10], modifying (edit, insert, revoke) policy/rule at the collision area [9], [14], using algebraic solutions [11], using Bayesian Network [12], [13].…”

Section: B Policy Conflict Resolutionmentioning

confidence: 99%

“…In literature, many studies have addressed the problem of policy conflicting [9], [10], [11], [12], [13], [14]. These solutions include: using expert system [10], modifying (edit, insert, revoke) policy/rule at the collision area [9], [14], using algebraic solutions [11], using Bayesian Network [12], [13]. Furthermore, XACML 3.0-based approaches rely on the combining algorithm between policies and rules as in [15], [16], [17], [18], [19].…”

Section: B Policy Conflict Resolutionmentioning

confidence: 99%

Towards a Fine-Grained Access Control Mechanism for Privacy Protection and Policy Conflict Resolution

Son¹,

Chen²

2019

ijacsa

View full text Add to dashboard Cite

Access control is a security technique that specifies access rights to resources in a computing environment. As information systems nowadays become more complex, it plays an important role in authenticating and authorizing users and preventing an attacker from targeting sensitive information. However, no proper consideration has been fully investigated so far in privacy protection. While many studies have acknowledged this issue, recent studies have not provided a fine-grained access control system for data privacy protection. As the data set becomes larger, we have to confront more privacy challenges. For example, the access control mechanism must be able to guarantee fine-grained access control, privacy protection, conflicts and redundancies between rules of the same policy or between different policies. In this paper, we propose a comprehensive framework for enforcing attribute-based security policies stored in the JSON document together with the feature of data privacy protection and incorporates a policy structure based on the prioritization of functions to resolve conflicts at a fine-grained level called "Privacy aware access control model for policy conflict resolution". We also use Polish notation for modeling conditional expressions which are the combination of subject, action, resource, and environment attributes so that privacy policies are flexible, dynamic and fine-grained. Experiments are carried out to two aspects (i) illustrate the relationship between the processing time for access decision and the complexity of policies; (ii) illustrate the relationship between the processing time for the traditional approach (single policy, multi-policy without priority) and our approach (multi-policy with priority). Experimental results show that the evaluation performance satisfies the privacy requirements defined by the user.

show abstract

“…As main and objective solutions we highlight proposals based on model checking, algebraic techniques, graph of roles, Satisfiability Modulo Theories (SMT) and Satisfiability (SAT) solver, formal methods, abductive reasoning, and the conjunctions of those techniques. Authors in [20] present synthesis, discussion, and analysis of several popular verification techniques.…”

Section: Verification and Validation Of Access Control Policiesmentioning

confidence: 99%

“…We consider the risk of an association as the ratio between the risk values of the members of the association. For example, the risk value of the user-role assignment relation ( ) that attributes the role to the user is evaluated, as defined in (20), as the ratio between the risk of the role and the risk of the user.…”

Section: Formal Validation Of the Conformity Of Rbac Policiesmentioning

confidence: 99%

A Methodology and Toolkit for Deploying Reliable Security Policies in Critical Infrastructures

Jaidi

Ayachi

Bouhoula

2018

Security and Communication Networks

View full text Add to dashboard Cite

Substantial advances in Information and Communication Technologies (ICT) bring out novel concepts, solutions, trends, and challenges to integrate intelligent and autonomous systems in critical infrastructures. A new generation of ICT environments (such as smart cities, Internet of Things,edge-fog-social-cloudcomputing, and big data analytics) is emerging; it has different applications to critical domains (such as transportation, communication, finance, commerce, and healthcare) and different interconnections via multiple layers of public and private networks, forming a grid of critical cyberphysical infrastructures. Protecting sensitive and private data and services in critical infrastructures is, at the same time, a main objective and a great challenge for deploying secure systems. It essentially requires setting up trusted security policies. Unfortunately, security solutions should remain compliant and regularly updated to follow and track the evolution of security threats. To address this issue, we propose an advanced methodology for deploying and monitoring the compliance of trusted access control policies. Our proposal extends the traditional life cycle of access control policies with pertinent activities. It integrates formal and semiformal techniques allowing the specification, the verification, the implementation, the reverse-engineering, the validation, the risk assessment, and the optimization of access control policies. To automate and facilitate the practice of our methodology, we introduce our systemSVIRVROthat allows managing the extended life cycle of access control policies. We refer to an illustrative example to highlight the relevance of our contributions.

show abstract

Verification techniques for policy based systems

Cited by 3 publications

References 35 publications

Usage Control Specification, Enforcement, and Robustness: A Survey

Usage Control Specification, Enforcement, and Robustness: A Survey

Towards a Fine-Grained Access Control Mechanism for Privacy Protection and Policy Conflict Resolution

A Methodology and Toolkit for Deploying Reliable Security Policies in Critical Infrastructures

Contact Info

Product

Resources

About