DocumentCode
2993927
Title
Application-Sensitive Access Control Evaluation Using Parameterized Expressiveness
Author
Hinrichs, Timothy L. ; Martinoia, Diego ; Garrison, William C. ; Lee, Adam J. ; Panebianco, Alessandro ; Zuck, Lenore
Author_Institution
Dept. of Comput. Sci., Univ. of Illinois at Chicago, Chicago, IL, USA
fYear
2013
fDate
26-28 June 2013
Firstpage
145
Lastpage
160
Abstract
Access control schemes come in all shapes and sizes, which makes choosing the right one for a particular application a challenge. Yet today´s techniques for comparing access control schemes completely ignore the setting in which the scheme is to be deployed. In this paper, we present a formal framework for comparing access control schemes with respect to a particular application. The analyst´s main task is to evaluate an access control scheme in terms of how well it implements a given access control workload (a formalism that we introduce to represent an application´s access control needs). One implementation is better than another if it has stronger security guarantees, and in this paper we introduce several such guarantees: correctness, homomorphism, AC-preservation, safety, administration-preservation, and compatibility. The scheme that admits the implementation with the strongest guarantees is deemed the best fit for the application. We demonstrate the use of our framework by evaluating two workloads on ten different access control schemes.
Keywords
authorisation; task analysis; AC-preservation; access control schemes; access control workload; administration-preservation; application-sensitive access control evaluation; correctness; formal framework; homomorphism; parameterized expressiveness; safety; security guarantees; Authorization; Data structures; Mathematical model; Organizations; Safety;
fLanguage
English
Publisher
ieee
Conference_Titel
Computer Security Foundations Symposium (CSF), 2013 IEEE 26th
Conference_Location
New Orleans, LA
Type
conf
DOI
10.1109/CSF.2013.17
Filename
6595826
Link To Document