Resiliency Policies in Access Control

Published: 01 April 2009

Abstract

We introduce the notion of resiliency policies in the context of access control systems. Such policies require an access control system to be resilient to the absence of users. An example resiliency policy requires that, upon removal of any s users, there should still exist d disjoint sets of users such that the users in each set together possess certain permissions of interest. Such a policy ensures that even when emergency situations cause some users to be absent, there still exist independent teams of users that hold the permissions necessary for carrying out critical tasks. The Resiliency Checking Problem asks whether a given access control state satisfies a given resiliency policy. We show that the general case of the problem and several subcases are intractable (NP-hard), and identify two subcases that are solvable in linear time. For the intractable cases, we also identify the complexity class in the polynomial hierarchy to which each problem belongs. We discuss the design and evaluation of an algorithm that can efficiently solve instances of nontrivial size that belong to the intractable cases of the problem. Furthermore, we study the consistency problem between resiliency policies and static separation of duty policies. Finally, we combine the notions of resiliency and separation of duty to introduce the resilient separation of duty policy, which is useful in situations where both fault tolerance and fraud prevention are desired.
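The following is an added worked example, not code from the paper, of the resiliency policy the abstract describes: "after removing any s users, d pairwise-disjoint teams must remain, each of which together holds every permission of interest". It checks the policy by exhaustive search over a small constructed access-control state (the user and permission names, the `STATE` map, and the helper names `covers`, `find_teams` and `check_resiliency` are all assumptions made here for illustration). Because the search enumerates every choice of s removed users and then every candidate team, its running time is exponential in the number of users, which is what one should expect given the abstract's NP-hardness result; it is meant to make the policy precise, not to scale.

```python
from itertools import combinations

# Constructed example access-control state (not taken from the paper):
# user -> set of permissions that user holds.
STATE = {
    "alice": {"approve", "sign"},
    "bob":   {"approve"},
    "carol": {"sign"},
    "dave":  {"approve", "sign"},
    "erin":  {"approve"},
    "frank": {"sign"},
}

# The permissions of interest: a critical task needs both of them.
PERMS = {"approve", "sign"}


def covers(team, state, perms):
    """True if the users in `team` together hold every permission in `perms`."""
    held = set()
    for user in team:
        held |= state[user]
    return perms <= held


def find_teams(available, state, perms, d):
    """Search for d pairwise-disjoint teams drawn from `available`, each covering `perms`.

    Returns the list of teams (as sets) if they exist, otherwise None.
    Exhaustive search: exponential in the number of users.
    """
    if d == 0:
        return []
    avail = sorted(available)
    for size in range(1, len(avail) + 1):
        for team in combinations(avail, size):
            if not covers(team, state, perms):
                continue
            # This team is fixed; the remaining teams must come from the other users.
            rest = find_teams(set(avail) - set(team), state, perms, d - 1)
            if rest is not None:
                return [set(team)] + rest
    return None


def check_resiliency(state, perms, s, d):
    """Decide the policy res(perms, s, d): after removing ANY s users,
    d disjoint teams covering `perms` must still exist.

    Returns (True, None) if the state satisfies the policy, otherwise
    (False, removed) where `removed` is a set of s users whose absence breaks it.
    """
    users = set(state)
    if s > len(users):
        # Cannot remove more users than exist; treat as removing everyone.
        s = len(users)
    for removed in combinations(sorted(users), s):
        remaining = users - set(removed)
        if find_teams(remaining, state, perms, d) is None:
            return False, set(removed)
    return True, None


if __name__ == "__main__":
    for s, d in [(1, 2), (2, 2), (1, 3), (3, 2), (2, 3)]:
        ok, bad = check_resiliency(STATE, PERMS, s, d)
        verdict = "satisfied" if ok else "violated by removing " + str(sorted(bad))
        print(f"res(P, s={s}, d={d}): {verdict}")
```

In the constructed state, alice and dave each hold both permissions on their own, while the other four users hold one each. The state survives the loss of any two users with two independent teams intact (res(P, 2, 2)), but removing alice, bob and dave leaves only one user with "approve", so res(P, 3, 2) fails; the counterexample returned is exactly the set of absent users that an administrator would need to cover with additional assignments.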


Published in

ACM Transactions on Information and System Security, Volume 12, Issue 4
April 2009
96 pages
ISSN: 1094-9224
EISSN: 1557-7406
DOI: 10.1145/1513601

Copyright © 2009 ACM

                Publisher

                Association for Computing Machinery

                New York, NY, United States

                Publication History

                • Published: 1 April 2009
                • Accepted: 1 July 2008
                • Revised: 1 June 2008
                • Received: 1 May 2007


                Qualifiers

                • research-article
                • Research
                • Refereed
