The computational complexity of enforceability validation for generic access control rules

Author

Hu, Vincent C. ; Kuhn, D. Richard ; Ferraiolo, David F.

Author_Institution

Nat. Inst. of Stand. & Technol., Gaithersburg, MD

Volume

1

fYear

2006

fDate

5-7 June 2006

Abstract

In computer security, many researches have tackled on the possibility of a unified model of access control, which could enforce any access control policies within a single unified system. One issue that must be considered is the efficiency of such systems, i.e., what is the computational complexity for the enforce ability validation of access control rules of a system that is capable of implementing any access control policy? We investigate this question by arguing that two fundamental requirements exist for any such system: satisfiability of access rules and ensuring absence of deadlock among rules. We then show that both of these problems are NP-complete by using some basic computational theorems applied to the components of the generic access control process

Keywords

computational complexity; optimisation; security of data; telecommunication security; NP-complete problem; computational complexity; computer security; generic access control process; unified model; Access control; Authentication; Authorization; Computational complexity; Computer security; Control system analysis; Databases; NIST; Safety; System recovery;

fLanguage

English

Publisher

ieee

Conference_Titel

Sensor Networks, Ubiquitous, and Trustworthy Computing, 2006. IEEE International Conference on

Conference_Location

Taichung

Print_ISBN

0-7695-2553-9

Type

conf

DOI

10.1109/SUTC.2006.1636184

Filename

1636184