Reconfiguring Role Based Access Control policies using risk semantics

We present a refined model for Role Based Access Control policies and define a risk measure for the model, which expresses elements of the operational, combinatorial and conflict of interest risks present in a particular policy instance. The model includes risk-reducing mechanisms corresponding to practical mechanisms like firewalls, stack checking, redundancy, and event tracking that are frequently used to reduce risks in real systems. We also define policy transformation operators that produce new policies that allow the behaviours of the old policy while potentially reducing the risk measure. Sequences of these operators can be used to find policies that are less risky but still implement the initial policy. An example is given for Grid computing.
