• DocumentCode
    2993927
  • Title

    Application-Sensitive Access Control Evaluation Using Parameterized Expressiveness

  • Author

    Hinrichs, Timothy L. ; Martinoia, Diego ; Garrison, William C. ; Lee, Adam J. ; Panebianco, Alessandro ; Zuck, Lenore

  • Author_Institution
    Dept. of Comput. Sci., Univ. of Illinois at Chicago, Chicago, IL, USA
  • fYear
    2013
  • fDate
    26-28 June 2013
  • Firstpage
    145
  • Lastpage
    160
  • Abstract
    Access control schemes come in all shapes and sizes, which makes choosing the right one for a particular application a challenge. Yet today´s techniques for comparing access control schemes completely ignore the setting in which the scheme is to be deployed. In this paper, we present a formal framework for comparing access control schemes with respect to a particular application. The analyst´s main task is to evaluate an access control scheme in terms of how well it implements a given access control workload (a formalism that we introduce to represent an application´s access control needs). One implementation is better than another if it has stronger security guarantees, and in this paper we introduce several such guarantees: correctness, homomorphism, AC-preservation, safety, administration-preservation, and compatibility. The scheme that admits the implementation with the strongest guarantees is deemed the best fit for the application. We demonstrate the use of our framework by evaluating two workloads on ten different access control schemes.
  • Keywords
    authorisation; task analysis; AC-preservation; access control schemes; access control workload; administration-preservation; application-sensitive access control evaluation; correctness; formal framework; homomorphism; parameterized expressiveness; safety; security guarantees; Authorization; Data structures; Mathematical model; Organizations; Safety;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Foundations Symposium (CSF), 2013 IEEE 26th
  • Conference_Location
    New Orleans, LA
  • Type

    conf

  • DOI
    10.1109/CSF.2013.17
  • Filename
    6595826