Policy management using access control spaces
ACM Transactions on Information and System Security (TISSEC)
We present the concept of an access control space and investigate how it may be useful in managing access control policies. An access control space represents the permission assignment state of a subject. We identify subspaces that have meaningful semantics. For example, the set of permissions explicitly assigned to a subject defines its specified subspace, and constraints define the prohibited subspace. In analyzing these subspaces, we identify two problems: (1) often a significant portion of the access control space has unknown assignment semantics, meaning that it is not defined whether an assignment in this space should be permitted or not, and (2) often high-level assignments and constraints that are easily understood result in conflicts where permissions are both specified and prohibited. To solve these problems, we have developed a tool, called Gokyo, that enables definition and analysis of access control spaces. Gokyo computes the unknown subspace to show system administrators the ambiguous region and enable them to reduce it. Gokyo identifies conflicting subspaces and enables system administrators to handle subspaces as exceptions, if desired. We demonstrate the utility of Gokyo by analyzing a web server policy example.
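The subspace analysis described above, as an added example (not Gokyo's code or the paper's formalism): permissions are modeled as (object, operation) pairs, and the object groups, paths and function names are constructed for illustration. It assumes the unknown subspace is everything neither specified nor prohibited, that a conflict is a permission that is both, and that an accepted exception simply drops a conflict from the report.

```python
# Added illustration; not Gokyo's implementation. All names and paths are constructed.
OPS = {"read", "write", "execute"}

# Hypothetical object aggregates for a web server subject. Note that one CGI
# script belongs to two groups, which is how high-level rules come to collide.
OBJECT_GROUPS = {
    "web_content": {"/var/www/index.html", "/var/www/cgi-bin/form.cgi"},
    "executables": {"/var/www/cgi-bin/form.cgi", "/usr/sbin/httpd"},
    "system_config": {"/etc/passwd", "/etc/httpd.conf"},
    "logs": {"/var/log/httpd/access_log"},
}

def expand(rules):
    """Expand high-level (group, op) rules into concrete (object, op) permissions."""
    return {(obj, op) for group, op in rules for obj in OBJECT_GROUPS[group]}

def analyze(assignments, constraints, exceptions=()):
    """Partition the subject's access control space into its subspaces."""
    all_objects = set().union(*OBJECT_GROUPS.values())
    universe = {(obj, op) for obj in all_objects for op in OPS}
    specified = expand(assignments)    # explicitly assigned permissions
    prohibited = expand(constraints)   # permissions ruled out by constraints
    return {
        "specified": specified,
        "prohibited": prohibited,
        # Neither assigned nor constrained: the ambiguous region to shrink.
        "unknown": universe - specified - prohibited,
        # Both assigned and constrained, minus conflicts accepted as exceptions.
        "conflicts": (specified & prohibited) - set(exceptions),
    }

# Constructed policy: each rule reads sensibly on its own.
ASSIGNMENTS = [("web_content", "read"), ("web_content", "write"),
               ("logs", "write"), ("executables", "execute")]
CONSTRAINTS = [("executables", "write"), ("system_config", "write")]

if __name__ == "__main__":
    report = analyze(ASSIGNMENTS, CONSTRAINTS)
    for name in ("conflicts", "unknown"):
        print(f"{name}: {len(report[name])}")
        for perm in sorted(report[name]):
            print("   ", perm)
```

Running it reports one conflict (write access to the CGI script, which is both web content and an executable) and lists the unknown permissions an administrator would still need to classify.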