Resiliency Policies in Access Control

Published: 01 April 2009

Abstract

We introduce the notion of resiliency policies in the context of access control systems. Such policies require an access control system to be resilient to the absence of users. An example resiliency policy requires that upon removal of any s users, there should still exist d disjoint sets of users such that the users in each set together possess certain permissions of interest. Such a policy ensures that even when emergency situations cause some users to be absent, there still exist independent teams of users that have the permissions necessary for carrying out critical tasks. The Resiliency Checking Problem determines whether an access control state satisfies a given resiliency policy. We show that the general case of the problem and several subcases are intractable (NP-hard), and identify two subcases that are solvable in linear time. For the intractable cases, we also identify the complexity class in the polynomial hierarchy to which these problems belong. We discuss the design and evaluation of an algorithm that can efficiently solve instances of nontrivial sizes that belong to the intractable cases of the problem. Furthermore, we study the consistency problem between resiliency policies and static separation of duty policies. Finally, we combine the notions of resiliency and separation of duty to introduce the resilient separation of duty policy, which is useful in situations where both fault-tolerance and fraud-prevention are desired.
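The example policy in the abstract can be checked by exhaustive search on a small state. The block below is an added illustration, not the algorithm from the paper: the function names, the sample users and the permission names are all constructed, and the search is exponential, which is consistent with the intractability result stated above.

```python
from itertools import combinations

def covers(team, state, perms):
    """True if the users in `team` together hold every permission in `perms`."""
    held = set()
    for user in team:
        held |= state[user]
    return perms <= held

def can_form_teams(users, state, perms, d):
    """Backtracking search for d pairwise-disjoint teams that each cover perms."""
    if d == 0:
        return True
    pool = sorted(users)
    # Every team still to be formed needs at least one user of its own.
    for size in range(1, len(pool) - d + 2):
        for team in combinations(pool, size):
            if covers(team, state, perms) and can_form_teams(
                    set(pool) - set(team), state, perms, d - 1):
                return True
    return False

def find_violation(state, perms, s, d):
    """Return a tuple of absent users that breaks the policy, or None."""
    # Users holding none of perms cannot help any team, so they are ignored.
    relevant = {u for u, held in state.items() if held & perms}
    # Losing more users is never easier to survive, so only the largest
    # removals (s users, or every relevant user if fewer exist) are tried.
    for absent in combinations(sorted(relevant), min(s, len(relevant))):
        if not can_form_teams(relevant - set(absent), state, perms, d):
            return absent
    return None

# Constructed sample access control state: user -> permissions held.
STATE = {
    "alice": {"approve", "sign", "release"},
    "bob": {"approve", "sign"},
    "carol": {"release"},
    "dave": {"approve"},
    "erin": {"sign", "release"},
    "frank": {"audit"},
}
CRITICAL = {"approve", "sign", "release"}  # constructed permissions of interest

if __name__ == "__main__":
    for s, d in [(1, 2), (2, 2), (2, 1), (3, 1)]:
        v = find_violation(STATE, CRITICAL, s, d)
        print(f"s={s} d={d}:", "resilient" if v is None else f"fails without {v}")
```

A returned tuple is a concrete counterexample: the absences after which the remaining users can no longer form d independent teams.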

Published In

ACM Transactions on Information and System Security, Volume 12, Issue 4
April 2009
96 pages
ISSN:1094-9224
EISSN:1557-7406
DOI:10.1145/1513601

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 April 2009
Accepted: 01 July 2008
Revised: 01 June 2008
Received: 01 May 2007
Published in TISSEC Volume 12, Issue 4

Author Tags

  1. Access control
  2. fault-tolerant
  3. policy design

Qualifiers

  • Research-article
  • Research
  • Refereed
