In Usage CONtrol (UCON) access decisions rely on mutable attributes. A reference monitor should re-evaluate security policies each time attributes change their values. Identifying all attribute changes in a timely manner is a challenging issue, especially if the attribute provider and the reference monitor reside in different security domains. Some attribute changes might be missed, corrupted, and delayed. As a result, the reference monitor may erroneously grant access to malicious users and forbid it for eligible ones. This paper proposes a set of policy enforcement models which help to mitigate the uncertainties associated with mutable attributes. In our model the reference monitor, as usual, evaluates logical predicates over attributes and, additionally, makes some estimates on how much observed attribute values differ from the real state of the world. The final access decision takes into account both factors. We assign costs for granting and revoking access to legitimate and malicious users and compare the proposed policy enforcement models in terms of cost-efficiency.

Cost-Effective Enforcement of Access and Usage Control Policies under Uncertainties

Leanid Krautsevich;Aliaksandr Lazouski;Fabio Martinelli;Artsiom Yautsiukhin
2013

Abstract

In Usage CONtrol (UCON) access decisions rely on mutable attributes. A reference monitor should re-evaluate security policies each time attributes change their values. Identifying all attribute changes in a timely manner is a challenging issue, especially if the attribute provider and the reference monitor reside in different security domains. Some attribute changes might be missed, corrupted, and delayed. As a result, the reference monitor may erroneously grant access to malicious users and forbid it for eligible ones. This paper proposes a set of policy enforcement models which help to mitigate the uncertainties associated with mutable attributes. In our model the reference monitor, as usual, evaluates logical predicates over attributes and, additionally, makes some estimates on how much observed attribute values differ from the real state of the world. The final access decision takes into account both factors. We assign costs for granting and revoking access to legitimate and malicious users and compare the proposed policy enforcement models in terms of cost-efficiency.
2013
Istituto di informatica e telematica - IIT
Costs
Freshness
Markov Chains
Mutable Attribute
Policy Enforcement
usage control
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.14243/251907
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact