Towards Automatic Update of Access Control Policy
نویسندگان
چکیده
Role-based access control (RBAC) has significantly simplified the management of users and permissions in computing systems. In dynamic environments, systems are subject to changes, so that the associated configurations need to be updated accordingly in order to reflect the systems’ evolution. Access control update is complex, especially for large-scale systems; because the updated system is expected to meet necessary constraints. This paper presents a tool, RoleUpdater, which answers administrators’ high-level update request for rolebased access control systems. RoleUpdater is able to automatically check whether a required update is achievable and, if so, to construct a reference model. In light of this model, administrators could fulfill the changes to RBAC systems. RoleUpdater is able to cope with practical update requests, e.g., that include role hierarchies and administrative rules in effect. Moreover, RoleUpdater can also provide minimal update in the sense that no redundant changes are implemented.
منابع مشابه
An automatic test case generator for evaluating implementation of access control policies
One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more relia...
متن کاملDynamic Policy Update for Ciphertext-Policy Attribute-Based Encryption
Ciphertext-policy attribute-based encryption (CP-ABE) is regarded as a promising cryptographic tool for encrypted access control in public cloud storage systems. However, a problem for CP-ABE schemes is that there is no way to change access policy on ciphertext once it is generated. This shortcoming makes us cannot conveniently use CP-ABE as traditional 1-to-1 public key encryption when the acc...
متن کاملDeclaration and Translation of Spatial Access Control Policy
Access control service is used to solve the controllability problem of data and service, access control system is finally deployed in the form of policy. The description forms of policy are different in the stage of configuration and deployment. Safety policy translation model is used to realize configuration policy and automatic translation of deployment policy. However, currently it lacks aut...
متن کاملConcurrent and Real-Time Update of Access Control Policies
Access control policies are security policies that govern access to resources. Real-time update of access control policies, that is, updating policies while they are in effect and enforcing the changes immediately, is necessary for many security-critical applications. In this paper, we consider real-time update of access control policies in a database system. We consider an environment in which...
متن کاملCAMAC: a context-aware mandatory access control model
Mandatory access control models have traditionally been employed as a robust security mechanism in multilevel security environments such as military domains. In traditional mandatory models, the security classes associated with entities are context-insensitive. However, context-sensitivity of security classes and flexibility of access control mechanisms may be required especially in pervasive c...
متن کامل