Decidable Administrative Controls based on Security Properties
نویسندگان
چکیده
It is a desirable goal for a protection system to be expressive (providing the desired protections), robust (enabling the system to change without invalidating protections), and analyzable (so it can be understood which protections are provided). Of particular interest in analyzing a system is the decidability of security properties. If the system is not analyzable, how does one know what protections are being provided? Protections can be provided at two levels: the ordinary privileges and the ability to change the system via administrative controls. Administrative controls provide a graceful means to perform the inevitable modifications to the system, that is to provide robust protection systems. To date, existing protection systems are able to achieve at most two of expressibility, robustness, and decidability. In this paper, we explore administrative controls which enable the security properties of information flow to be selectively enforced, and show that they have decidable information flow security properties, thus simultaneously achieving all three of these goals.
منابع مشابه
Security Property Based Administrative Controls
Access control languages which support administrative controls, and thus allow the ordinary permissions of a system to change, have traditionally been constructed with first order predicate logic or graph rewriting rules. We introduce a new access control model to implement administrative controls directly in terms of the security properties—we call this Security Property Based Administrative C...
متن کاملThe Practical Application of a Decidable Access Model
While the safety of a number of access models has been formally established, few of these models are reflected in real systems. Most currently deployed commodity systems are based on access models that have been formally proven either unsafe or undecidable. Models that are decidable and safe, such as take-grant, fail to model issues that are needed to account for safety and security in capabili...
متن کاملBeyond Proof-of-Compliance: Safety and Availability Analysis in Trust Management
Trust management is a form of distributed access control using distributed policy statements. Since one party may delegate partial control to another party, it is natural to ask what permissions may be granted as the result of policy changes by other parties. We study security properties such as safety and availability for a family of trust management languages, devising algorithms for deciding...
متن کاملA Constraint-Based Algorithm for Contract-Signing Protocols
Research on the automatic analysis of cryptographic protocols has so far mainly concentrated on reachability properties, such as secrecy and authentication. Only recently it was shown that certain game-theoretic security properties, such as balance for contract-signing protocols, are decidable in a Dolev-Yao style model with a bounded number of sessions but unbounded message size. However, this...
متن کاملThe typed access matrix model
The access matrix model as formalized by Harrison, Ruzzo, and Ullman (HRU) has broad expressive power. Unfortunately, HRU has weak safety properties (i.e., the determination of whether or not a given subject can ever acquire access to a given object). Most security policies of practical interest fall into the undecidable cases of HRU. This is true even for monotonic policies (i.e., where access...
متن کامل