research-article

An actor-based, application-aware access control evaluation framework

Authors:

William C. Garrison,

Timothy L. HinrichsAuthors Info & Claims

SACMAT '14: Proceedings of the 19th ACM symposium on Access control models and technologies

Pages 199 - 210

https://doi.org/10.1145/2613087.2613099

Published: 25 June 2014 Publication History

Abstract

To date, most work regarding the formal analysis of access control schemes has focused on quantifying and comparing the expressive power of a set of schemes. Although expressive power is important, it is a property that exists in an *absolute* sense, detached from the application context within which an access control scheme will ultimately be deployed. By contrast, we formalize the access control *suitability analysis problem*, which seeks to evaluate the degree to which a set of candidate access control schemes can meet the needs of an application-specific workload. This process involves both reductions to assess whether a scheme is *capable* of implementing a workload (qualitative analysis), as well as cost analysis using ordered measures to quantify the *overheads* of using each candidate scheme to service the workload (quantitative analysis). We formalize the two-facet suitability analysis problem, which formally describes this task. We then develop a mathematical framework for this type of analysis, and evaluate this framework both formally, by quantifying its efficiency and accuracy properties, and practically, by exploring an academic program committee workload.

References

[1]

P. Ammann, R. J. Lipton, and R. S. Sandhu. The expressive power of multi-parent creation in monotonic access control models. JCS, 4(2/3):149--166, 1996.

Digital Library

[2]

Kay S. Anderson et al. Sword: scalable and exible workload generator for distributed data processing systems. In Winter Simulation Conference (WSC), pages 2109--2116, Dec 2006.

Digital Library

[3]

A. Chander, J. C. Mitchell, and D. Dean. A state-transition model of trust management and access control. In IEEE CSFW, pages 27--43, 2001.

Digital Library

[4]

J. Crampton, G. Gutin, and A. Yeo. On the parameterized complexity and kernelization of the work ow satis ability problem. ACM TISSEC, 16(1), 2013.

Digital Library

[5]

David F. Ferraiolo et al. Proposed nist standard for role-based access control. ACM TISSEC, 4(3):224--274, 2001.

Digital Library

[6]

G. R. Ganger. Generating representative synthetic workloads: An unsolved problem. In International CMG Conference, pages 1263--1269, Dec 1995.

[7]

S. Garfinkel, G. Spafford, and A. Schwartz. Practical UNIX and Internet Security. NIST special publication: Computer security. O'Reilly Media, 2003.

Digital Library

[8]

W. C. Garrison III, A. J. Lee, and T. L. Hinrichs. The design and demonstration of an actor-based, application-aware access control evaluation framework. Technical Report arXiv:1302.1134, Feb 2013.

[9]

W. C. Garrison III, Y. Qiao, and A. J. Lee. On the suitability of dissemination-centric access control systems for group-centric sharing. In CODASPY, 2014.

Digital Library

[10]

M. A. Harrison, W. L. Ruzzo, and J. D. Ullman. Protection in operating systems. CACM, 19(8):461--471, Aug 1976.

Digital Library

[11]

Timothy L. Hinrichs et al. Application-sensitive access control evaluation using parameterized expressiveness. In IEEE CSF, June 2013.

Digital Library

[12]

J. Hromkovic. Algorithmics for Hard Problems: Introduction to Combinatorial Optimization, Randomization, Approximation, and Heuristics. Springer-Verlag, Berlin, Heidelberg, 2010.

Digital Library

[13]

V. C. Hu, D. F. Ferraiolo, and D. R. Kuhn. Assessment of Access Control Systems. National Institute of Standards and Technology, 2006.

[14]

Ram Krishnan et al. Group-centric secure information-sharing models for isolated groups. ACM TISSEC, 14(3):23, 2011.

Digital Library

[15]

Ram Krishnan et al. Foundations for group-centric secure information sharing models. In ACM SACMAT, pages 115--124, 2009.

Digital Library

[16]

A. Law. Simulation Modeling and Analysis. McGraw-Hill, 2006.

Digital Library

[17]

N. Li, J. C. Mitchell, and W. H. Winsborough. Beyond proof-of-compliance: security analysis in trust management. J. ACM, 52(3):474--514, May 2005.

Digital Library

[18]

T. M. Liggett. Continuous Time Markov Processes: An Introduction. Graduate Studies in Mathematics Series. American Mathematical Society, 2010.

[19]

R. J. Lipton and L. Snyder. A linear time algorithm for deciding subject security. J. ACM, 24(3):455--464, 1977.

Digital Library

[20]

I. Molloy, P.-C. Cheng, and P. Rohatgi. Trading in risk: using markets to improve access control. In NSPW, 2008.

Digital Library

[21]

S. Osborne, R. Sandhu, and Q. Munawer. Configuring role-based access control to enforce mandatory and discretionary access control policies. ACM TISSEC, 3(2):85--106, May 2000.

Digital Library

[22]

R. Sandhu. Expressive power of the schematic protection model. JCS, 1(1):59--98, 1992.

[23]

Ravi S. Sandhu et al. Role-based access control models. IEEE Computer, 29(2):38--47, 1996.

Digital Library

[24]

R. S. Sandhu and S. Ganta. On testing for absence of rights in access control models. In IEEE CSFW, pages 109--118, 1993.

[25]

M. V. Tripunitara and N. Li. A theory for comparing the expressive power of access control models. JCS, 15(2):231--272, 2007.

Digital Library

[26]

Q. Wang and N. Li. Satis ability and resiliency in work ow authorization systems. ACM TISSEC, 13(4), 2010.

Digital Library

[27]

Dana Zhang et al. RoleVAT: Visual assessment of practical need for role based access control. In ACSAC, pages 13--22, Dec 2009.

Digital Library

Cited By

M SKS KT VG SD S(2023)Dynamic Access Control Through Cryptography in CloudITM Web of Conferences10.1051/itmconf/2023560600156(06001)Online publication date: 9-Aug-2023
https://doi.org/10.1051/itmconf/20235606001
Gil GArnaiz AHiguero MDiez F(2022)Assessment Framework for the Identification and Evaluation of Main Features for Distributed Usage Control SolutionsACM Transactions on Privacy and Security10.1145/356151126:1(1-28)Online publication date: 11-Nov-2022
https://dl.acm.org/doi/10.1145/3561511
Yu WZhang L(2022)Research on Zero Trust Access Control Model and Formalization Based on Rail Transit Data Platform2022 IEEE 10th International Conference on Information, Communication and Networks (ICICN)10.1109/ICICN56848.2022.10006520(689-695)Online publication date: 23-Aug-2022
https://doi.org/10.1109/ICICN56848.2022.10006520
Show More Cited By

Index Terms

An actor-based, application-aware access control evaluation framework
1. Security and privacy
  1. Security services
    1. Access control
  2. Systems security
    1. Operating systems security
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

An Evaluation of Role Based Access Control Towards Easier Management Compared to Tight Security
ICFNDS '17: Proceedings of the International Conference on Future Networks and Distributed Systems

Role-based access control (RBAC) is a widely-used protocol to design and build an access control for providing the system security regarding authorization. Even though in the context of internet resources access, the authentication and access control ...
Constraints-based access control
Das'01: Proceedings of the fifteenth annual working conference on Database and application security

The most important aspect of security in a database after establishing the authenticity of the user is its access control mechanism. The ability of this access control mechanism to express the security policy can make or break the system.This paper ...
Towards Attribute-Centric Access Control: an ABAC versus RBAC argument

Recent developments in attribute-based access control have fueled the conventional debate regarding the pros and cons of Attributes-based access control ABAC versus Role-based access control RBAC. However, existing arguments have been primarily focused ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SACMAT '14: Proceedings of the 19th ACM symposium on Access control models and technologies

June 2014

234 pages

ISBN:9781450329392

DOI:10.1145/2613087

General Chair:
Sylvia Osborn
University of Western Ontario, Canada
,
Program Chairs:
Mahesh V. Tripunitara
University of Waterloo, Canada
,
Ian M. Molloy
IBM Research, USA

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 June 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SACMAT '14

Sponsor:

SIGSAC

SACMAT '14: 19th ACM Symposium on Access Control Models and Technologies

June 25 - 27, 2014

Ontario, London, Canada

Acceptance Rates

SACMAT '14 Paper Acceptance Rate 17 of 58 submissions, 29%;

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
201
Total Downloads

Downloads (Last 12 months)6
Downloads (Last 6 weeks)2

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

M SKS KT VG SD S(2023)Dynamic Access Control Through Cryptography in CloudITM Web of Conferences10.1051/itmconf/2023560600156(06001)Online publication date: 9-Aug-2023
https://doi.org/10.1051/itmconf/20235606001
Gil GArnaiz AHiguero MDiez F(2022)Assessment Framework for the Identification and Evaluation of Main Features for Distributed Usage Control SolutionsACM Transactions on Privacy and Security10.1145/356151126:1(1-28)Online publication date: 11-Nov-2022
https://dl.acm.org/doi/10.1145/3561511
Yu WZhang L(2022)Research on Zero Trust Access Control Model and Formalization Based on Rail Transit Data Platform2022 IEEE 10th International Conference on Information, Communication and Networks (ICICN)10.1109/ICICN56848.2022.10006520(689-695)Online publication date: 23-Aug-2022
https://doi.org/10.1109/ICICN56848.2022.10006520
Qi SZheng Y(2021)Crypt-DAC: Cryptographically Enforced Dynamic Access Control in the CloudIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2019.290816418:2(765-779)Online publication date: 1-Mar-2021
https://doi.org/10.1109/TDSC.2019.2908164
Oliveira LWilkinson DMosse DChilders B(2018)Occam: Software environment for creating reproducible research2018 IEEE 14th International Conference on e-Science (e-Science)10.1109/eScience.2018.00117(394-395)Online publication date: Oct-2018
https://doi.org/10.1109/eScience.2018.00117
Garrison WShull AMyers SLee A(2016)On the Practicality of Cryptographically Enforcing Dynamic Access Control Policies in the Cloud2016 IEEE Symposium on Security and Privacy (SP)10.1109/SP.2016.54(819-838)Online publication date: May-2016
https://doi.org/10.1109/SP.2016.54
Garrison WLee A(2015)Decomposing, Comparing, and Synthesizing Access Control Expressiveness SimulationsProceedings of the 2015 IEEE 28th Computer Security Foundations Symposium10.1109/CSF.2015.9(18-32)Online publication date: 13-Jul-2015
https://dl.acm.org/doi/10.1109/CSF.2015.9

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents