Checking Policy Enforcement in an Access Control Aspect Model
نویسندگان
چکیده
From a software design perspective, access control policies are requirements that must be addressed in a design. For example, access control policies are constraints that determine the type of access authorized users have on information resources. In this paper, we show how one can formulate access control policies as a policy model, formulate an access control aspect model that enforces policies as an aspect, and verify whether the aspect model enforces the given policies or not. As an access control policy example, we use Role-Based Access Control (RBAC).
منابع مشابه
General Methods for Access Control Policy Verification
Access control systems are among the most critical of computer security components. Faulty policies, misconfigurations, or flaws in software implementations can result in serious vulnerabilities. To formally and precisely capture the security properties that access control should adhere to, access control models are usually written, bridging the gap in abstraction between policies and mechanism...
متن کاملEnforcing RBAC Policies over Data Stored on Untrusted Server (Extended Version)
One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings new challenges; namely, the number of keys required to access authorized resources, efficient policy u...
متن کاملRole Slices and Runtime Permissions: Improving an AOP-based access control schema
In this paper, we present several issues that need to be addressed to incorporate dynamic permissions –permissions depending on runtime elements– into our current approach to model access control: the role slice. We summarize four tasks that conforms to our future research directions: extending the role-slice artifact to represent permissions based on runtime elements; refining the rules that r...
متن کاملStatic Enforcement of Static Separation-of-Duty Policies in Usage Control Authorization Models
Separation-of-Duty (SoD) is a fundamental security principle for prevention of fraud and errors in computer security. It has been studied extensively in traditional access control models. However, the research of SoD policy in the recently proposed usage control (UCON) model has not been well studied. This paper formulates and studies the fundamental problem of static enforcement of static SoD ...
متن کاملAccess control in ultra-large-scale systems using a data-centric middleware
The primary characteristic of an Ultra-Large-Scale (ULS) system is ultra-large size on any related dimension. A ULS system is generally considered as a system-of-systems with heterogeneous nodes and autonomous domains. As the size of a system-of-systems grows, and interoperability demand between sub-systems is increased, achieving more scalable and dynamic access control system becomes an im...
متن کامل