Resiliency Policies in Access Control

Abstract
We introduce the notion of resiliency policies in the context of access control systems. Such policies require an access control system to be resilient to the absence of users. An example resiliency policy requires that upon removal of any s users, there should still exist d disjoint sets of users such that the users in each set together possess certain permissions of interest. Such a policy ensures that even when emergency situations cause some users to be absent, there still exist independent teams of users that have the permissions necessary for carrying out critical tasks. The Resiliency Checking Problem determines whether an access control state satisfies a given resiliency policy. We show that the general case of the problem and several subcases are intractable (NP-hard), and identify two subcases that are solvable in linear time. For the intractable cases, we also identify the complexity class in the polynomial hierarchy to which these problems belong. We discuss the design and evaluation of an algorithm that can efficiently solve instances of nontrivial sizes that belong to the intractable cases of the problem. Furthermore, we study the consistency problem between resiliency policies and static separation of duty policies. Finally, we combine the notions of resiliency and separation of duty to introduce the resilient separation of duty policy, which is useful in situations where both fault-tolerance and fraud-prevention are desired.
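The following is an added illustration of the Resiliency Checking Problem described in the abstract; it is not code from the paper and is not the paper's own (efficient) algorithm. It takes the policy parameters as the abstract states them: a set of permissions of interest, a number s of users that may be absent, and a number d of disjoint teams that must survive. The user-to-permission table is constructed for the example. The check is exhaustive: it enumerates every choice of s absent users and, for each, searches for d pairwise-disjoint covering teams, so its running time is exponential in the worst case, which is what one expects given the NP-hardness result stated above.

```python
from itertools import combinations

# Constructed sample access control state (not from the paper):
# each user maps to the set of permissions they hold.
UP = {
    "alice": {"approve", "sign"},
    "bob":   {"approve"},
    "carol": {"sign"},
    "dave":  {"approve", "sign"},
    "erin":  {"sign"},
}


def covers(team, perms, up):
    """True if the users in `team` together hold every permission in `perms`."""
    held = set()
    for user in team:
        held |= up.get(user, set())
    return perms <= held


def has_disjoint_teams(users, perms, d, up):
    """True if `users` contains d pairwise-disjoint teams that each cover `perms`.

    A minimal covering team never needs more members than there are
    permissions (every member must contribute a permission the others lack),
    so the search only tries teams of size <= len(perms). It is exhaustive,
    hence exponential in the worst case.
    """
    if not perms:
        return True  # nothing to cover: the policy is trivially satisfied
    relevant = sorted(u for u in users if up.get(u, set()) & perms)

    def search(remaining, need):
        if need == 0:
            return True
        if len(remaining) < need:
            return False  # every team needs at least one user
        for size in range(1, min(len(perms), len(remaining)) + 1):
            for team in combinations(remaining, size):
                if covers(team, perms, up):
                    rest = [u for u in remaining if u not in team]
                    if search(rest, need - 1):
                        return True
        return False

    return search(relevant, d)


def resilient(up, perms, s, d):
    """Resiliency check: after removing ANY s users, do d disjoint teams remain?

    Returns (True, None) when the policy holds, or (False, absent) where
    `absent` is a set of s users whose removal leaves fewer than d disjoint
    teams, i.e. a witness that the state violates the policy.
    """
    users = sorted(up)
    for absent in combinations(users, min(s, len(users))):
        present = [u for u in users if u not in absent]
        if not has_disjoint_teams(present, perms, d, up):
            return False, set(absent)
    return True, None


if __name__ == "__main__":
    perms = {"approve", "sign"}
    for s, d in [(1, 2), (2, 2), (0, 3)]:
        print(f"s={s}, d={d}:", resilient(UP, perms, s, d))
```

On the constructed state, the policy with s=1 and d=2 holds (any single absence still leaves two disjoint teams holding both permissions), while s=2 and d=2 fails because removing the two users found first, alice and bob, leaves "approve" held by dave alone. The witness set returned on failure is what an administrator would use to decide which extra assignments make the state resilient.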