The evolution of information systems brings an increasing need for flexible and sophisticated approaches to the automated detection of anomalies in security policies. One of these anomalies is redundancy, which may increase the total cost of managing the policies and may reduce the performance of access control mechanisms and of other anomaly detection techniques. We consider three approaches that can remove redundancy from access control policies, progressively reducing the number of authorizations in the policy itself. We show that several problems associated with redundancy are NP-hard. We propose exact solutions to two of these problems, namely the Minimum Policy Problem, which consists in computing the minimum policy that represents the behaviour of the system, and the Minimum Irreducible Policy Problem, which consists in computing the redundancy-free version of a policy with the smallest number of authorizations. Furthermore, we propose heuristic solutions to those problems. We also present a comparison between the exact and heuristic solutions based on experiments that use policies derived from bibliographical databases.