Verification of Resilience Policies that Assist Attribute Based Access Control

Gouglidis, Antonios and Hu, Vincent C. and Busby, Jeremy Simon and Hutchison, David (2017) Verification of Resilience Policies that Assist Attribute Based Access Control. In: ABAC '17 Proceedings of the 2nd ACM Workshop on Attribute-Based Access Control :. ACM, USA, pp. 43-52. ISBN 9781450349109

[thumbnail of ABAC-2017-CM]
Preview
PDF (ABAC-2017-CM)
ABAC_2017_CM.pdf - Accepted Version

Download (1MB)

Abstract

Access control offers mechanisms to control and limit the actions or operations that are performed by a user on a set of resources in a system. Many access control models exist that are able to support this basic requirement. One of the properties examined in the context of these models is their ability to successfully restrict access to resources. Nevertheless, considering only restriction of access may not be enough in some environments, as in critical infrastructures. The protection of systems in this type of environment requires a new line of enquiry. It is essential to ensure that appropriate access is always possible, even when users and resources are subjected to challenges of various sorts. Resilience in access control is conceived as the ability of a system not to restrict but rather to ensure access to resources. In order to demonstrate the application of resilience in access control, we formally define an attribute based access control model (ABAC) based on guidelines provided by the National Institute of Standards and Technology (NIST). We examine how ABAC-based resilience policies can be specified in temporal logic and how these can be formally verified. The verification of resilience is done using an automated model checking technique, which eventually may lead to reducing the overall complexity required for the verification of resilience policies and serve as a valuable tool for administrators.

Item Type:
Contribution in Book/Report/Proceedings
Additional Information:
© ACM, 2017. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in ABAC '17 Proceedings of the 2nd ACM Workshop on Attribute-Based Access Control http://dx.doi.org/10.1145/3041048.3041049
ID Code:
84251
Deposited By:
Deposited On:
27 Jan 2017 09:28
Refereed?:
Yes
Published?:
Published
Last Modified:
26 Oct 2024 00:44