The Authorization Policy Existence Problem

Constraints such as separation-of-duty are widely used to specify requirements that supplement basic authorization policies. However, the existence of constraints (and authorization policies) may mean that a user is unable to fulfill her/his organizational duties because access to resources has been...

Detailed bibliography
Published in: IEEE Transactions on Dependable and Secure Computing, Volume 17, Issue 6, pp. 1333-1344
Main authors: Berge, Pierre; Crampton, Jason; Gutin, Gregory; Watrigant, Remi
Format: Journal Article
Language: English
Publication details: Washington IEEE 01.11.2020
IEEE Computer Society
ISSN:1545-5971, 1941-0018
Description
Summary: Constraints such as separation-of-duty are widely used to specify requirements that supplement basic authorization policies. However, the existence of constraints (and authorization policies) may mean that a user is unable to fulfill her/his organizational duties because access to resources has been denied. In short, there is a tension between the need to protect resources (using policies and constraints) and the availability of resources. Recent work on workflow satisfiability and resiliency in access control asks whether this tension compromises the ability of an organization to achieve its objectives. In this paper, we develop a new method of specifying constraints which subsumes much related work and allows a wider range of constraints to be specified. The use of such constraints leads naturally to a range of questions related to "policy existence", where a positive answer means that an organization's objectives can be realized. We analyze the complexity of these policy existence questions and, for particular sub-classes of constraints defined by our language, develop fixed-parameter tractable algorithms to solve them.
1. An extended abstract of this paper appeared in the Proceedings of the Seventh ACM Conference on Data and Application Security and Privacy [1]. Research was partially supported by Leverhulme Trust grant RPG-2018-161 and Royal Society Wolfson Research Merit Award.
DOI:10.1109/TDSC.2018.2883416