...
  • 主题
高级搜索  >
历史搜索 清空历史
首页> 外文期刊>IEEE transactions on dependable and secure computing >Cree: A Performant Tool for Safety Analysis of Administrative Temporal Role-Based Access Control (ATRBAC) Policies
【24h】

Cree: A Performant Tool for Safety Analysis of Administrative Temporal Role-Based Access Control (ATRBAC) Policies

机译:Cree:一种表演工具,用于安全分析的行政时间角色基础访问控制(atrbac)策略

获取原文
获取原文并翻译 | 示例
           
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

Access control deals with the roles and privileges to which a user is authorized, and is an important aspect of the security of a system. As enterprise access control systems need to scale to several users, roles and privileges, it is common for access control models to support delegation: a trusted security administrator is able to give semi-trusted users the ability to change portions of the authorization state. With delegation comes the danger that semi-trusted users, perhaps in collusion, may effect a state that violates enterprise policy, which in turn results in the problem called safety analysis, which is regarded as a fundamental and technically challenging problem in access control. Safety analysis is used by a trusted security administrator to answer "what if" questions before she grants privileges to a semi-trusted user. Safety analysis has been studied for various access control schemes in the literature; we address safety analysis in the context of Administrative Temporal Role-Based Access Control (ATRBAC), an administrative model for TRBAC, which is an extension to the traditional RBAC. ATRBAC has new features, which introduce new technical challenges for safety analysis: (i) a time-dimension: two new components in each administrative rule that specify in which time periods an administrative action may be effected, and a user is authorized to a role, and, (ii) two new kinds of rules for whether a role is enabled for administrative action. We propose a software tool, which we call Cree, for safety analysis of ATRBAC policies. In Cree we reduce ATRBAC-Safety to model checking and use an off-the-shelf model checker, NuSMV. The foundation for Cree is the observation from our prior work that ATRBAC safety is PSPACE. Along with an efficient reduction to model checking, we include in Cree four techniques to further improve performance: Polynomial Time Solving when possible, Forward and Backwards Pruning, Abstraction Refinement, and Bound Estimation. These are inspired by prior work, but our algorithms are different in that they address the new challenges that ATRBAC introduces. We discuss our design of Cree, and the results of a thorough empirical assessment across our approach, and five other prior tools for ATRBAC safety. Our results suggest that there are input classes for which Cree outperforms existing tools, and for the remainder, Cree's performance is no worse. We have made Cree available as open-source for public download.
机译:访问控制处理用户授权的角色和权限,并且是系统安全性的一个重要方面。由于企业访问控制系统需要缩放到多个用户,角色和权限,因此访问控制模型是支持委派的访问:可信安全管理员能够提供半信制的用户更改授权状态的部分的能力。通过代表团来说,可能在勾结的危险中可能会影响违反企业政策的国家,这反过来导致了所谓的安全分析,这被认为是访问控制中的基本和技术上挑战问题。受信任的安全管理员使用安全分析来回答“如果在向半值得信赖的用户提供权限之前回答”何时何时“问题。在文献中的各种访问控制方案研究了安全性分析;我们在基于行政时间角色的访问控制(ATRBAC)的背景下解决了安全分析,这是TRBAC的管理模型,这是传统RBAC的扩展。 ATRBAC具有新功能,引入了安全分析的新技术挑战:(i)时间尺寸:每个管理规则中的两个新组件指定可以在哪个时间段执行管理操作,并且用户被授权到角色,(ii)为行政诉讼启用了两种新的规则。我们提出了一个软件工具,我们致电Cree,以便于奥尔巴克政策的安全分析。在Cree中,我们将Atrbac-Safety降低到模拟检查和使用现成的模型检查器NUSMV。 Cree的基础是我们之前的工作的观察,即亚特布克安全是PSPACE。随着模拟检查的有效减少,我们包括Cree Four Techniques,进一步提高性能:多项式时间求解尽可能的,前向和向后修剪,抽象细化和绑定估计。这些是由事先工作的启发,但我们的算法与他们解决了Atrbac介绍的新挑战。我们讨论了我们的Cree设计,以及我们办法的彻底实证评估的结果,以及其他五个现有工具,用于亚特布的安全。我们的结果表明,CREE胜过现有工具的投入类别,而且剩下的表现不佳。我们使Cree提供为公共下载的开源。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号