Lin Yao,Xiangwei Kong,Zichuan Xu

DOI: https://doi.org/10.1109/NCM.2008.75

2008-01-01

Abstract:Although RBAC models have received broad support as a generalized approach to access control, the administration of roles in large organizations can become quite cumbersome. In this paper, we develop a new paradigm for access control and authorization management, called task-role based access control (TRBAC) with multi-constraint. The basic idea of this model different from traditional RBAC is that roles and permissions are not connected directly but are put together by tasks. It is a dynamic authorization model with fine-grained partition on users, roles, tasks and sessions. The unit of task becomes the permission granularity. It is more convenient for enterprise privilege management such as distributed application,C/S access control and workflow management. It can reduce the administrator's burden and avoid some potential safety hazards because of adopted dynamic authorization.

Mingjie Yu,Fenghua Li,Nenghai Yu,Xiao Wang,Yunchuan Guo

DOI: https://doi.org/10.1016/j.dcan.2022.09.002

IF: 6.348

2022-10-01

Digital Communications and Networks

Abstract:Policy conflicts may cause substantial economic losses. Although a large amount of effort has been spent on detecting intra-domain policy conflict, it can not detect conflicts of heterogeneous policies. In this paper, considering background knowledge, we propose a conflict detection mechanism to search and locate conflicts of heterogeneous policies. First, we propose a general access control model to describe authorization mechanisms of cloud service and a translation scheme designed to translate a cloud service policy to an Extensible Access Control Markup Language (XACML) policy. Then the scheme based on Multi-terminal Multi-data-type Interval Decision Diagram (MTMIDD) and Extended MTMIDD (X-MTMIDD) is designed to represent XACML policy and search the conflict among heterogeneous policies. To reduce the rate of false positives, the description logic is used to represent XACML policy and eliminate false conflicts. Experimental results show the efficiency of our scheme.

telecommunications

WU Di,ZHU Miao-liang,CHEN Xi-yuan,LIN Jian

DOI: https://doi.org/10.3785/j.issn.1008-973x.2007.09.025

2007-01-01

Abstract:A security violation detection method was proposed to meet the requirements of secure interoperation among distributed systems.Role mapping mechanism was introduced among the role-based access control(RBAC) systems to implement access control across systems.The security violation of interoperation with role mappings was analyzed and the formalized definitions of secure interoperation were done.Then a minimum detection method according to the feature of distributed environment was introduced particularly.This method reduced the computation complexity by decreasing the amount of roles involved in the detection.The security violation character was further analyzed based on the minimum detection method to help administrators eliminate security violation.

CH Fang,W Peng,XZ Ye,SY Zhang

DOI: https://doi.org/10.1109/cscwd.2005.194248

2007-01-01

Journal of Software

Abstract:Access control is one of the key steps to ensuring the availability, confidentiality and integrity of system resources. While it has been fully applied in various network systems, it's still relatively new for collaborative CAD. This paper provides a new framework of multi-level access control for collaborative CAD based on hierarchical product modeling. A layered privilege model (LPM) has been developed to provide multi-granularity access permissions in the part level and feature level. An extended hierarchy role-based access control (EHRBAC) is implemented, integrated with LPM and common Hierarchy RBAC, to provide hierarchical access control of collaborative feature modeling in the component/part level and design feature level. Mesh simplification techniques are used to create variable level-of-detail for individual features.

Xiyuan Chen,Di Wu.,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1109/ICCIAS.2006.295308

2006-01-01

Abstract:To satisfy the requirements of secure interoperation among distributed systems, a security violation detection method for RBAC based interoperation is proposed We carry out the discussion in the scope of Core RBAC and Hierarchy RBAC. To better illustrate the method for RBAC based interoperation, a formal definition of secure interoperation in RBAC systems has been introduced. Security violation of interoperation with role mappings in the distributed systems is analyzed. Based on these discussions, a minimum security violation detection method for RBAC based interoperation according to the feature of RBAC system and the inherent characteristic of interoperation in distributed environment is introduced. The minimum detection method provides good performance reducing complexity by decreasing amount of roles involved in detection.

Vincent C. Hu,Evan Martin,JeeHyun Hwang,Tao Xie

DOI: https://doi.org/10.1109/compsac.2007.96

2007-01-01

Abstract:Access control is one of the most fundamental and widely used security mechanisms. Access control mechanisms control which principals such as users or processes have access to which resources in a system. To facilitate managing and maintaining access control, access control policies are increasingly written in specification languages such as XACML. The specification of access control policies itself is often a challenging problem. Furthermore, XACML is intentionally designed to be generic: it provides the freedom in describing access control policies, which are well-known or invented ones. But the flexibility and expressiveness provided by XACML come at the cost of complexity, verbosity, and lack of desirable-property enforcement. Often common properties for specific access control policies may not be satisfied when these policies are specified in XACML, causing the discrepancy between what the policy authors intend to specify and what the actually specified XACML policies reflect. In this position paper, we propose an approach for conducting conformance checking of access control policies specified in XACML based on existing verification and testing tools for XACML policies.

JeeHyun Hwang,Tao Xie,Vincent Hu,Mine Altunay

DOI: https://doi.org/10.1007/978-3-642-13739-6_13

2010-01-01

Abstract:Access control mechanisms are used to control which principals (such as users or processes) have access to which resources based on access control policies. To ensure the correctness of access control policies, policy authors conduct policy verification to check whether certain properties are satisfied by a policy. However, these properties are often not written in practice. To facilitate property verification, we present an approach that automatically mines likely properties from a policy via the technique of association rule mining. In our approach, mined likely properties may not be true for all the policy behaviors but are true for most of the policy behaviors. The policy behaviors that do not satisfy likely properties could be faulty. Therefore, our approach then conducts likely-property verification to produce counterexamples, which are used to help policy authors identify faulty rules in the policy. To show the effectiveness of our approach, we conduct evaluation on four XACML policies. Our evaluation results show that our approach achieves more than 30% higher fault-detection capability than that of an existing approach. Our approach includes additional techniques such as basic and prioritization techniques that help reduce a significant percentage of counterexamples for inspection compared to the existing approach.

Evan Martin,Tao Xie

2006-01-01

Abstract:To facilitate managing access control in a system, access control policies are increasingly written in specification languages such as XACML. A dedicated software component called a Policy Decision Point (PDP) interprets the specified policies, receives access requests, and returns responses to inform whether access should be permitted or denied. To increase confidence in the correctness of specified policies, policy developers can conduct policy testing by supplying typical test inputs (requests) to the PDP and subsequently checking test outputs (responses) against expected ones. Unfortunately, manual testing is tedious and few tools exist for automated testing of XACML policies.In this paper, we present our work toward a framework for systematic testing of access control policies. The framework includes components for policy coverage definition and measurement, request generation, request evaluation, request set minimization, policy property inference, and mutation testing. This framework allows us to evaluate various criteria for test generation and selection, investigate mutation operators, and determine a relationship between structural coverage and fault-detection capability. We have implemented the framework and applied it to various XACML policies. Our experimental results offer valuable insights into choosing mutation operators in mutation testing and choosing coverage criteria in test generation and selection.

Evan Martin,Tao Xie

DOI: https://doi.org/10.1109/POLICY.2006.19

2006-01-01

Abstract:To ease the burden of implementing and maintaining access-control aspects in a system, a growing trend among developers is to write access-control policies in a specification language such as XACML and integrate the policies with applications through the use of a Policy Decision Point (PDP). To assure that the specified polices reflect the expected ones, recent research has developed policy verification tools; however, their applications in practice are still limited, being constrained by the limited set of supported policy language features and the unavailability of policy properties. This paper presents a data-mining approach to the problem of verifying that expressed access-control policies reflect the true desires of the policy author. We developed a tool to investigate this approach by automatically generating requests, evaluating those requests to get responses, and applying machine learning on the requestresponse pairs to infer policy properties. These inferred properties facilitate the inspection of the policy behavior. We applied our tool on an access-control policy of a central grades repository system for a university. Our results show that machine learning algorithms can provide valuable insight into basic policy properties and help identify specific bug-exposing requests.

Evan Martin,Tao Xie,Ting Yu

DOI: https://doi.org/10.1007/11935308_11

2006-01-01

Abstract:To facilitate managing access control in a system, security officers increasingly write access control policies in specification languages such as XACML, and use a dedicated software component called a Policy Decision Point (PDP). To increase confidence on written policies, certain types of policy testing (often in an ad hoc way) are usually conducted, which probe the PDP with some typical requests and check PDP's responses against expected ones. This paper develops a first step toward systematic policy testing by defining and measuring policy coverage when testing policies. We have developed a coverage-measurement tool to measure policy coverage given a set of XACML policies and a set of requests. We have developed a tool for request generation, which randomly generates requests for a given set of policies, and a tool for request reduction, which greedily selects a nearly minimal set of requests for achieving the same coverage as the originally generated requests. To evaluate coverage-based request reduction and its effect on fault detection, we have conducted an experiment with mutation testing on a set of real policies. Our experimental results show that the coverage-based test reduction can substantially reduce the size of generated requests and incur only relatively low loss on fault detection. We also conduct a study on the policy coverage achieved by manually generated requests.

Chao Huang,Jianling Sun,Xinyu Wang,Yuanjie Si

DOI: https://doi.org/10.1109/ebiss.2009.5138002

2009-01-01

Abstract:Access control becomes more and more essential for safe and security access to the system resources. Role based access control policy widely used in industry enterprise systems nowadays is a statement which specifies the rules about how to setup the process for granting or denying authorizations. It is extremely important to make sure that there is no inconsistency of an access control policy, since otherwise it may conceal the security danger or even break down the entire access control system. In this paper, we analyze the inconsistencies of role based access control policy, and give the formal definition for the inconsistency. We then propose an inconsistency checking algorithm to detect the inconsistencies of a role based access control policy.

Tanjila Mawla,Maanak Gupta,Ravi Sandhu

2024-03-15

Abstract:The evolving smart and interconnected systems are designed to operate with minimal human intervention. Devices within these smart systems often engage in prolonged operations based on sensor data and contextual factors. Recently, an Activity-Centric Access Control (ACAC) model has been introduced to regulate these prolonged operations, referred to as activities, which undergo state changes over extended duration of time. Dependencies among different activities can influence and restrict the execution of one another, necessitating active and real-time monitoring of the dependencies between activities to prevent security violation. In the ACAC model, the activity dependencies, denoted as "D", is considered as a decision parameter for controlling a requested activity. These dependencies must be evaluated throughout all phases of an activity's life cycle.

Cryptography and Security

Nuo Li,JeeHyun Hwang,Tao Xie

DOI: https://doi.org/10.1145/1390832.1390837

2008-01-01

Abstract:ABSTRACTMany Web applications enhance their security via access-control systems. XACML is a standardized policy language, which has been widely used in access-control systems. In an XACML-based access-control system, policies, requests, and responses are written in XACML. An XACML implementation implements XACML functionalities to validate XACML requests against XACML policies. To ensure the quality of an XACML-based access-control system, we need an effective means to test whether the XACML implementation correctly implements XACML functionalities. The test inputs of an XACML implementation are XACML policies and requests. The test outputs are XACML responses. This paper proposes an approach to detect defects in XACML implementations via observing the behaviors of different XACML implementations for the same test inputs. As XACML has been widely used, we can collect different XACML implementations, and test them with the same XACML polices and requests to observe whether the different implementations produce different responses. Based on the analysis of different responses, we can detect defects in different XACML implementations. We show the feasibility of the proposed approach with a preliminary study on three XACML implementations.

Yun-qing Fu,Chun-xiao Ye

DOI: https://doi.org/10.1049/cp:20070238

2007-01-01

Abstract:Access control is widely used in most information systems. XML or other languages are usually adopted to define access control policy. In this paper, we examine an approach to employ user and role's attribute expression as a part of access control policy. In our approach, a XACML-based policy language named A-XACML is defined and used as a simple, flexible way to express and enforce access control policies in a variety of environments. The language and schema support include data types, functions, and combining logic which allow simple and complex rules to be defined. Finally, we illustrate how to define access control policies of product document management (PDM) system by using XACML.

Xinyu Wang,Jianling Sun,Xiaohu Yang,Chao Huang,Di Wu

DOI: https://doi.org/10.1093/ietisy/e91-d.5.1447

2008-01-01

IEICE Transactions on Information and Systems

Abstract:This paper proposes a security violation detection method for RBAC based interoperation to meet the requirements of secure interoperation among distributed systems. We use role mappings between RBAC systems to implement trans-system access control, analyze security violation of interoperation with role mappings, and formalize definitions of secure interoperation. A minimum detection method according to the feature of RBAC system in distributed environment is introduced in detail. This method reduces complexity by decreasing the amount of roles involved in detection. Finally, we analyze security violation further based on the minimum detection method to help administrators eliminate security violation.

Yongchao Li,You Li,Linzhang Wang,Guanling Chen

2014-01-01

Abstract:XACML has become increasingly popular for specifying access control policies in mission critical domains to protect sensitive resources. However, manually crafted XACML policies may contain errors which can only be identified with manual policies review. Recent progress in policy testing still requires tedious and inefficient manual efforts to compose access requests. In this paper, we propose an automatic XACML requests generation for testing access control policies by employing symbolic execution techniques. Firstly, the access control policy under test is converted into semantically equivalent C Code Representation (CCR). Secondly, the CCR is symbolically executed to generate test inputs. Finally, the test inputs are used to compose access control requests, which can be automatically evaluated with existing tools. We also implemented a prototype tool called XPTester (Xacml Policy Tester) and conducted extensive experiments upon real-world policies to demonstrate the scalability, efficiency and effectiveness. Keywords—Access control policy; XACML; test generation; symbolic execution

Rui Chang,Liehui Jiang,Wenzhi Chen,Hong-qi He,Shuiqiao Yang,Hang Jiang,Wei Liu,Yong Liu

DOI: https://doi.org/10.1002/cpe.4180

2018-01-01

Abstract:This paper discusses security issues on the user equipment, which is the last mile of social networks. One of the main Achilles' heel of social networks is not the organization of networks themselves, but the user devices, typically Android ones. The existing system of privileges makes it easy to infiltrate the network via applications installed on users' devices. Conventional signature-based and static analysis methods are vulnerable. Access to privacy- and security-relevant parts of the application programming interface is controlled by the corresponding permission in a manifest file. While requesting access to permissions, it may offer opportunities to malicious codes, which will cause security issues. Few works among permission analysis, however, pay attention to the prevention of permission leakage on both hardware and software frameworks. In this paper we tackle the challenge of providing our multilayered permission-based security extension scheme on Android platforms. We propose a usage and access control model and an effective method of preventing permission leakage based on ARM TrustZone security extension mechanism. In contrast to previous work, the proposed security architecture provides a permission-based mandatory access control on Android middleware, Linux kernel, and hardware layers. The evaluation results demonstrate the effectiveness of the proposed scheme in mitigating permission leakage vulnerabilities.

Francesca Lonetti,Eda Marchetti

DOI: https://doi.org/10.1049/iet-sen.2017.0351

2018-09-08

Abstract:Currently, eXtensible Access Control Markup Language (XACML) has becoming the standard for implementing access control policies and consequently more attention is dedicated to testing the correctness of XACML policies. In particular, coverage measures can be adopted for assessing test strategy effectiveness in exercising the policy elements. This study introduces a set of XACML coverage criteria and describes the access control infrastructure, based on a monitor engine, enabling the coverage criterion selection and the on-line tracing of the testing activity. Examples of infrastructure usage and of assessment of different test strategies are provided.

Software Engineering

Dipankar Dasgupta,Arunava Roy,Debasis Ghosh

DOI: https://doi.org/10.1016/j.ins.2017.09.039

IF: 8.1

2018-01-01

Information Sciences

Abstract:Exfiltration of sensitive data and intellectual property theft have increased to a significant level affecting both government agencies as well as small to large businesses. One of the major reasons of data breaches is malicious insiders who have the access rights, knowledge of data values and technical know-how of escalating their privileges in launching such insider attacks. Traditional access control policies (to shared data and computing resources) were evolved around the trust on legitimate users’ access rights (read, write and execute) based on their jobs and role hierarchy in an organization. However, such access privileges are increasingly being misused by hostile, oblivious, rouge and pseudo-insiders. This work introduces a multi-user permission strategy and formulates a methodology for shared-trustworthy access (to classified data and services) by considering organizational structure. Accordingly, based on the sensitivity of the information being requested by a user, approvers are selected dynamically to reflect the work environment such as mobility, use of the device, access policy, etc. For this purpose, the proposed methodology first generates an access control graph, based on inter-relationship among employees and their roles in an organization. Next, it generates a set of permission grantees who are allowed to approve the access request of a user at a given time. The proposed multi-user permission strategy is evaluated with two empirical datasets and reported results demonstrated its ability in selecting non-repetitive approvers for a user access under different organizational and environmental constraints.

computer science, information systems

袁平鹏,陈刚,董金祥

DOI: https://doi.org/10.3321/j.issn:1003-9775.2004.04.006

2004-01-01

Abstract:An access control paradigm composed of basic model and role model is proposed for collaborative applications. Basic model specifies the relationship among privileges and the way of ranking privileges. It relates privilege with operations on the objects, so the model appears more straightforward. Moreover, if Brokers' implementation permits, the model can support any grained access control. Role model re-defines the role concept of RBAC96, divides the permissions of role into public permissions, protect permissions and private permissions. It allows user to define roles more flexibly, prevents private permissions of roles from being inherited and reduces the definition of ancillary roles.