Proactive identification and prevention of unexpected future rule conflicts in attribute based access control

Authors:
Daren Zha;Jiwu Jing;Peng Liu;Jingqiang Lin;Xiaoqi Jia
Affiliations:
SKLOIS,Graduate University of CAS, Beijing, China;SKLOIS,Graduate University of CAS, Beijing, China;College of IST, The Pennsylvania State University;SKLOIS,Graduate University of CAS, Beijing, China;SKLOIS,Graduate University of CAS, Beijing, China
Venue:
ICCSA'10 Proceedings of the 2010 international conference on Computational Science and Its Applications - Volume Part IV
Year:
2010

Citing 16
Cited 0

Conflict resolution of rules assigning values to virtual attributes

SIGMOD '89 Proceedings of the 1989 ACM SIGMOD international conference on Management of data
Role-Based Access Control Models

Computer
Managing conflicts between rules (extended abstract)

PODS '96 Proceedings of the fifteenth ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems
A framework for implementing role-based access control using CORBA security service

RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Securing context-aware applications using environment roles

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Role-based access control on the web

ACM Transactions on Information and System Security (TISSEC)
Proposed NIST standard for role-based access control

ACM Transactions on Information and System Security (TISSEC)
Conflict Detection and Resolution in Access Control Policy Specifications

FoSSaCS '02 Proceedings of the 5th International Conference on Foundations of Software Science and Computation Structures
Induced role hierarchies with attribute-based RBAC

Proceedings of the eighth ACM symposium on Access control models and technologies
Formal access control analysis in the software development process

Proceedings of the 2003 ACM workshop on Formal methods in security engineering
On handling conflicts between rules with numerical features

Proceedings of the 2006 ACM symposium on Applied computing
Attribute-based encryption for fine-grained access control of encrypted data

Proceedings of the 13th ACM conference on Computer and communications security
Administration in role-based access control

ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Efficient policy analysis for administrative role based access control

Proceedings of the 14th ACM conference on Computer and communications security
Detecting and resolving policy misconfigurations in access-control systems

Proceedings of the 13th ACM symposium on Access control models and technologies
A location aware role and attribute based access control system

Proceedings of the 16th ACM SIGSPATIAL international conference on Advances in geographic information systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Attribute based access control (ABAC) provides an intuitive way for security administrators to express conditions (associated with status of objects) in access control policies; however, during the design and development of an ABAC system, new problems concerning the consistency and security of the ABAC system may emerge. In this paper, we report on two specific ABAC problems denoted as the “future rule conflicts” problem and the “object overlapping” problem, which we have recently identified in developing the ABAC system for a large research laboratory. We use real world examples to illustrate the negative impact of these two problems and present two novel algorithms for the identification and prevention of these problems. We give the correctness proof for both algorithm and apply these algorithms to the attribute based laboratory control (ABLC) system and the results are also reported.