Affiliation:
1. IBM T. J. Watson Research Center, Hawthorne, NY
2. Symbian, Ltd., Hawthorne, NY
Abstract
We present the concept of an access control space and investigate how it may be useful in managing access control policies. An access control space represents the permission assignment state of a subject or role. For example, the set of permissions explicitly assigned to a role defines its specified subspace, and the set of constraints precluding assignment to that role defines its prohibited subspace. In analyzing these subspaces, we identify two problems: (1) often a significant portion of an access control space has unknown assignment semantics, which indicates that the policy is underspecified; and (2) often high-level assignments and constraints that are easily understood result in conflicts, where resolution often leads to significantly more complex specifications. We have developed a prototype system, called Gokyo, that computes access control spaces. Gokyo identifies the unknown subspace to assist system administrators in developing more complete policy specifications. Also, Gokyo identifies conflicting subspaces and enables system administrators to resolve conflicts in a variety of ways in order to preserve the simplicity of constraint specification. We demonstrate Gokyo by analyzing a Web server policy example and examine its utility by applying it to the SELinux example policy. Even for the extensive SELinux example policy, we find that only eight additional expressions are necessary to resolve Apache administrator policy conflicts.
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality, General Computer Science
Cited by
28 articles.