Quantitative enforcement of the principle of least privilege in RBAC and an efficient fault tolerant cryptosystem

  • Authors: Chunren Lai
  • Affiliations: The University of Regina (Canada)
  • Venue: Quantitative enforcement of the principle of least privilege in RBAC and an efficient fault tolerant cryptosystem
  • Year: 2007

Abstract

Role-based access control (RBAC) models not only ease security administration and reduce overhead by introducing roles between users and privileges, but also make it possible to enforce the principle of least privilege: a user should be assigned the smallest set of privileges necessary to complete his/her job, in order to minimize information leaks and other inefficiencies. This thesis introduces several novel concepts to quantitatively measure how well a user-role assignment meets the principle of least privilege and analyzes the relationships among the quantitative measurements. Based on the quantitative measurements and their relationships, three algorithms are presented to efficiently search for the perfect user-role assignments (i.e., those that bring no extra privileges) and the optimal user-role assignments (i.e., those that limit any extra privileges to the minimum). The proposed approach for enforcing the principle of least privilege is particularly useful for automatic generation of user-role assignments in large-scale RBAC systems.

Additionally, this thesis proposes a systematic approach to integrate authentication and encryption with error detection/correction for general communication partners through insecure channels. Two 1-D hash functions, one in the row direction and one in the column direction of a message matrix, are introduced to provide the intermediate values shared by both authentication and error detection/correction. The total computation overhead in the proposed cryptosystem is thus significantly reduced. The proposed cryptosystem can provide data privacy, enable the receiver to verify whether or not the message matrix was sent by a specific user, and is able to detect and correct up to three errors. In the design of the hash functions, we adopt session pseudo-random numbers (SPRN) in order to withstand chosen-plaintext attacks and eliminate the non-repudiation problem. The proposed cryptosystem is efficient and can be applied to most applications where both data security and fault tolerance are required.