Generation of Transmission Control Rules Compliant with Existing Access Control Policies

Access Control (AC) is a well-known mechanism for restricting access to resources. However, it provides no notification when a resource is retransmitted to an unauthorized third party. To overcome this issue, one can use mechanisms such as Data Loss/Leak Prevention (DLP) or Transmission Control (TC). These mechanisms are based on policies defined by security experts. Unfortunately, these policies can contradict existing AC rules, leading to security leakage (i.e., a legitimate user is allowed to send a resource to someone who has no access rights in the AC).
