A framework for verification and optimal reconfiguration of event-driven role based access control policies

Basit Shafiq, Jaideep Vaidya, Arif Ghafoor, Elisa Bertino

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Scopus citations

Abstract

Role based access control (RBAC) is the de facto model used for advanced access control due to its inherent richness and flexibility. Despite its great success at modeling a variety of organizational needs, maintaining large complex policies is a challenging problem. Conflicts within policies can expose the underlying system to numerous vulnerabilities and security risks. Therefore, more comprehensive verification tools for RBAC need to be developed to enable effective access control. In this paper, we propose a verification framework for detection and resolution of inconsistencies and conflicts in policies modeled through event-driven RBAC, an important subset of generalized temporal RBAC applicable to many domains, such as SCADA systems. We define the conflict resolution problem and propose an integer programming based heuristic. The proposed approach is generic and can be tuned to a variety of optimality measures.

Original language: English (US)
Title of host publication: SACMAT'12 - Proceedings of the 17th ACM Symposium on Access Control Models and Technologies
Pages: 197-208
Number of pages: 12
DOIs: https://doi.org/10.1145/2295136.2295172
State: Published - Jul 25 2012
Event: 17th ACM Symposium on Access Control Models and Technologies, SACMAT'12 - Newark, NJ, United States
Duration: Jun 20 2012 → Jun 22 2012

Publication series

Name: Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Other

Other: 17th ACM Symposium on Access Control Models and Technologies, SACMAT'12
Country: United States
City: Newark, NJ
Period: 6/20/12 → 6/22/12

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Information Systems

Keywords

  • Access control
  • Conflict resolution
  • Policy verification

Cite this

Shafiq, B., Vaidya, J., Ghafoor, A., & Bertino, E. (2012). A framework for verification and optimal reconfiguration of event-driven role based access control policies. In SACMAT'12 - Proceedings of the 17th ACM Symposium on Access Control Models and Technologies (pp. 197-208). (Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT). https://doi.org/10.1145/2295136.2295172