Title :
The computational complexity of enforceability validation for generic access control rules
Author :
Hu, Vincent C. ; Kuhn, D. Richard ; Ferraiolo, David F.
Author_Institution :
Nat. Inst. of Stand. & Technol., Gaithersburg, MD
Abstract :
In computer security, many researches have tackled on the possibility of a unified model of access control, which could enforce any access control policies within a single unified system. One issue that must be considered is the efficiency of such systems, i.e., what is the computational complexity for the enforce ability validation of access control rules of a system that is capable of implementing any access control policy? We investigate this question by arguing that two fundamental requirements exist for any such system: satisfiability of access rules and ensuring absence of deadlock among rules. We then show that both of these problems are NP-complete by using some basic computational theorems applied to the components of the generic access control process
Keywords :
computational complexity; optimisation; security of data; telecommunication security; NP-complete problem; computational complexity; computer security; generic access control process; unified model; Access control; Authentication; Authorization; Computational complexity; Computer security; Control system analysis; Databases; NIST; Safety; System recovery;
Conference_Titel :
Sensor Networks, Ubiquitous, and Trustworthy Computing, 2006. IEEE International Conference on
Conference_Location :
Taichung
Print_ISBN :
0-7695-2553-9
DOI :
10.1109/SUTC.2006.1636184
