Monitoring of access control policy for refinement and improvements

Calabro' A.;Lonetti F.;Marchetti E.
2018

Abstract

Access control is among the most important security mechanisms to put in place in order to secure applications, and XACML is the de facto standard for defining access control policies. As systems and resource utilization evolve, access control policies become increasingly difficult to manage and update according to contextual behaviour. This paper proposes a policy monitoring infrastructure able to identify abnormal policy behaviour and prevent misuse in granting/denying further accesses. This proposal relies on coverage adequacy criteria as well as KPI definition for assessing the most common usage behaviors and providing feedback for refinement and maintenance of the current access control policy. It integrates a flexible and adaptable event-based monitoring facility for run-time validation of policy execution. A first validation on an example shows the effectiveness of the proposed approach.
2018
Istituto di Scienza e Tecnologie dell'Informazione "Alessandro Faedo" - ISTI
English
Software Quality: Methods and Tools for Better Software and Systems
Contribution
SWQD 2018: Software Quality: Methods and Tools for Better Software and Systems
302
17
36
20
9783319714394
https://link.springer.com/chapter/10.1007/978-3-319-71440-0_2
Yes, but type not specified
16-19/1/2018
Vienna, Austria
Access control policy
Coverage criteria
KPI
Monitoring
Electronic
No
3
restricted
Calabro', A.; Lonetti, F.; Marchetti, E.
273
info:eu-repo/semantics/conferenceObject
04 Conference contribution::04.01 Contribution in conference proceedings
Files in this item:
prod_384809-doc_133028.pdf (authorized users only)

Description: Monitoring of access control policy for refinement and improvements
Type: Publisher's version (PDF)
License: NOT PUBLIC - Private/restricted access
Size: 2.82 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/348525
Citations
  • Scopus 4