• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文期刊>IEEE transactions on dependable and secure computing >Safety Decidability for Pre-Authorization Usage Control with Identifier Attribute Domains
【24h】

Safety Decidability for Pre-Authorization Usage Control with Identifier Attribute Domains

机译:使用标识符属性域进行预授权使用控制的安全可解锁性

获取原文
获取原文并翻译 | 示例
           
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

Safety analysis is a fundamental problem in authorization models. Safety decidable models provide theoretical foundations for decentralized security administration. Attributes of objects are central to usage control authorization models. It has previously been shown that inclusion of a single infinite attribute leads to undecidable safety, even without any creation of objects. Therefore unrestricted inclusion of infinite attributes is not possible in a safety decidable model. On the other hand, it has recently been shown that the safety problem for the pre-authorization usage control sub-model with finite attribute domains, called ${PreUCON_A<^>{finite}}$PreUCONAfinite, is decidable even with unbounded object creation. A major limitation of finite attributes is the inability to link objects through attribute values in presence of unbounded object creation (since attributes that reference other objects must be infinite in this case). It would be desirable to have safety-decidable attribute-based models which include both finite and infinite attributes (necessarily with some restrictions). This paper develops a pre-authorization usage control sub-model, called ${PreUCON}_A<^>{id}$PreUCONAid, with attribute domains solely comprised of infinite object identifiers with considerable restrictions on how these attributes can be updated. Safety decidability for ${PreUCON}_A<^>{id}$PreUCONAid is proved by defining the notion of $omega$omega-equivalent usage configurations, and showing that the reachable set of $omega$omega-equivalent usage configurations is computable and can be used to answer safety questions. The utility of such models in practice is illustrated by means of an example. The paper further shows that addition of even a single finite domain attribute to ${PreUCON}_A<^>{id}$PreUCONAid results in undecidable safety. These results indicate that combining finite and infinite attributes in a safety decidable model is a challenging task, which will likely require carefully crafted restrictions on updates to these attributes. The formulation of such a model remains an important open question.
机译:安全分析是授权模型中的根本问题。安全可判定模型为分散的安全管理提供了理论基础。对象的属性是使用控制授权模型的核心。目前已经表明包含单个无限属性导致不可透明的安全性,即使没有任何对象的创建。因此,在安全可解释模型中,不可能包含无限属性的无限制。另一方面,已经表明,即使使用无限的对象创建,也可以表明,具有有限属性域的预制属性域的预授权使用控制子模型的安全问题即使是未绑定的对象创建,也可以解密欺诈.Peard} $ preuconafinite是可解除的。有限属性的一个主要限制是通过在存在无界对象创建的情况下通过属性值链接对象(因为在这种情况下引用其他对象的属性必须是无限的)。希望具有基于安全可解除的属性的模型,其包括有限和无限属性(必然有一些限制)。本文开发了一个预先授权的使用控制子模型,称为$ {preucon} _a <^> {id $ preuconaid,属性域仅由无限的对象标识符组成,对如何更新这些属性的具有相当大的限制。通过定义$ Omega $ Omega-Addited使用配置的概念来证明,以$ {PREUCON} _A _A {ID} $ PUTUConaid的安全可删除性,并显示可到达的$ OMEGA $ OMEGA - 等效使用配置可计算,可用于回答安全问题。通过示例说明了这种模型的效用。该论文进一步表明,即使是$ {PRUCUCON} _A _A {ID} $ PUTUConaid也会导致甚至是单个有限域属性的增加。这些结果表明,在安全可解释模型中结合有限和无限属性是一个具有挑战性的任务,这可能需要仔细制作对这些属性的更新的限制。这种模型的制定仍然是一个重要的开放问题。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号