The schematic protection model: its definition and analysis for acyclic attenuating schemes
Journal of the ACM (JACM)
Role-Based Access Control Models
Computer
A Linear Time Algorithm for Deciding Subject Security
Journal of the ACM (JACM)
Protection in operating systems
Communications of the ACM
Role-based authorization constraints specification
ACM Transactions on Information and System Security (TISSEC)
Practical safety in flexible access control models
ACM Transactions on Information and System Security (TISSEC)
A graph-based formalism for RBAC
ACM Transactions on Information and System Security (TISSEC)
Computers and Intractability: A Guide to the Theory of NP-Completeness
Computers and Intractability: A Guide to the Theory of NP-Completeness
Decidability of Safety in Graph-Based Models for Access Control
ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
Specifying and enforcing constraints in role-based access control
Proceedings of the eighth ACM symposium on Access control models and technologies
Separation of Duty in Role-based Environments
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Beyond Proof-of-Compliance: Safety and Availability Analysis in Trust Management
SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Security analysis in role-based access control
Proceedings of the ninth ACM symposium on Access control models and technologies
On mutually-exclusive roles and separation of duty
Proceedings of the 11th ACM conference on Computer and communications security
Protection: principles and practice
AFIPS '72 (Spring) Proceedings of the May 16-18, 1972, spring joint computer conference
Satisfiability and resiliency in workflow systems
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Satisfiability and Resiliency in Workflow Authorization Systems
ACM Transactions on Information and System Security (TISSEC)
Hi-index | 0.00 |
We introduce the notion of resiliency policies in the context of access control systems. Such policies require an access control system to be resilient to the absence of users. An example resiliency policy requires that upon removal of any s users, there should still exist d disjoint sets of users such that the users in each set together possess certain permissions of interest. Such a policy ensures that even when emergency situations cause some users to be absent, there still exist independent teams of users that have the permissions necessary for carrying out critical tasks. The Resiliency Checking Problem determines whether an access control state satisfies a given resiliency policy. We show that the general case of the problem and several subcases are intractable (NP-hard), and identify two subcases that are solvable in linear time. For the intractable cases, we also identify the complexity class in the polynomial hierarchy to which these problems belong. We discuss the design and evaluation of an algorithm that can efficiently solve instances of nontrivial sizes that belong to the intractable cases of the problem. Furthermore, we study the consistency problem between resiliency policies and static separation of duty policies. Finally, we combine the notions of resiliency and separation of duty to introduce the resilient separation of duty policy, which is useful in situations where both fault-tolerance and fraud-prevention are desired.