Static Enforcement of Role-Based Access Control
We propose a new static approach to Role-Based Access Control (RBAC) policy
enforcement. The static approach we advocate includes a new design methodology,
for applications involving RBAC, which integrates the security requirements
into the system's architecture. We apply this new approach to policies
restricting calls to methods in Java applications. We present a language to
express RBAC policies on calls to methods in Java, a set of design patterns
which Java programs must adhere to for the policy to be enforced statically,
and a description of the checks made by our static verifier for static
enforcement.
Comment: In Proceedings WWV 2014, arXiv:1409.229
Event Systems and Access Control
We consider the interpretations of notions of access control (permissions,
interdictions, obligations, and user rights) as run-time properties of
information systems specified as event systems with fairness. We give proof
rules for verifying that an access control policy is enforced in a system, and
consider preservation of access control by refinement of event systems. In
particular, refinement of user rights is non-trivial; we propose to combine
low-level user rights and system obligations to implement high-level user
rights.
Can the CCPA Access Right Be Saved? Realigning Incentives in Access Request Verification
The California Consumer Privacy Act access right has the potential to give Californians a level of control over their personal information that is unprecedented in the United States. However, consumer privacy interests will be in peril unless the access right is accompanied by an effective access request verification requirement. Requiring companies to respond to access requests when they cannot verify that the requestor is the subject of the requested data puts sensitive personal information at risk. Inversely, allowing companies to shirk their access request responsibilities by claiming that data is unverifiable diminishes consumers’ data control rights. Thus, in the context of access request verification policy, there is an inherent tension between privacy as confidentiality and privacy as control. The success of the access right, and thus all CCPA data control rights, hinges on an access request verification policy that successfully balances these competing privacy interests. The endemic identity theft caused by credit application verification systems demonstrates why such balancing cannot be wholly left to private companies. In the credit context, balancing has been driven by the profit maximization interests of businesses, which currently do not align with consumer privacy interests. Fortunately, several scholars have proposed methods for aligning these divergent interests. The strengths and weaknesses from these proposed solutions to identity theft provide a useful framework for building a system that incentivizes companies to prioritize consumer privacy when developing access request verification systems
Self-Adaptive Role-Based Access Control for Business Processes
© 2017 IEEE. We present an approach for dynamically reconfiguring the role-based access control (RBAC) of information systems running business processes, to protect them against insider threats. The new approach uses business process execution traces and stochastic model checking to establish confidence intervals for key measurable attributes of user behaviour, and thus to identify and adaptively demote users who misuse their access permissions maliciously or accidentally. We implemented and evaluated the approach and its policy specification formalism for a real IT support business process, showing their ability to express and apply a broad range of self-adaptive RBAC policies
Study on Grade Division Policy for Trusted Network
Abstract: Scholars around the world have carried out extensive research work on architecture, protocols, algorithms and application for trusted network at present, and proposed a variety of network credible verification schemes and control mechanisms. In this paper, a kind of grade division policy for trusted network was provided on the basis of considering both the terminal security and profit of operators. Credible access architecture and certification model were given, and the partition rules of trusted attributes as well as the evaluation methods of grade division were explained in detail. Improved workflow for access to trusted network terminal was provided. Simulation results show that by the proposed framework, not only the safety and reliability of network can be ensured, but also the flexibility of ways to access network was strengthened, and that it can provide support for interoperability of different equipment manufacturers.
Access-Network Association Policies for Media Streaming in Heterogeneous Environments
We study the design of media streaming applications in the presence of
multiple heterogeneous wireless access methods with different throughputs and
costs. Our objective is to analytically characterize the trade-off between the
usage cost and the Quality of user Experience (QoE), which is represented by
the probability of interruption in media playback and the initial waiting time.
We model each access network as a server that provides packets to the user
according to a Poisson process with a certain rate and cost. Blocks are coded
using random linear codes to alleviate the duplicate packet reception problem.
Users must take decisions on how many packets to buffer before playout, and
which networks to access during playout. We design, analyze and compare several
control policies with a threshold structure. We formulate the problem of
finding the optimal control policy as an MDP with a probabilistic constraint.
We present the HJB equation for this problem by expanding the state space, and
exploit it as a verification method for optimality of the proposed control law.
Comment: submitted to CDC 201
Verifying Policy Enforcers
Policy enforcers are sophisticated runtime components that can prevent
failures by enforcing the correct behavior of the software. While a single
enforcer can be easily designed focusing only on the behavior of the
application that must be monitored, the effect of multiple enforcers that
enforce different policies might be hard to predict. So far, mechanisms to
resolve interferences between enforcers have been based on priority mechanisms
and heuristics. Although these methods provide a mechanism to take decisions
when multiple enforcers try to affect the execution at the same time, they do not
guarantee the lack of interference on the global behavior of the system. In
this paper we present a verification strategy that can be exploited to discover
interferences between sets of enforcers and thus safely identify a-priori the
enforcers that can co-exist at run-time. In our evaluation, we experimented with our
verification method on several policy enforcers for Android and discovered
some incompatibilities.
Comment: Oliviero Riganelli, Daniela Micucci, Leonardo Mariani, and Yliès
Falcone. Verifying Policy Enforcers. Proceedings of 17th International
Conference on Runtime Verification (RV), 2017. (to appear
Deep Learning meets Blockchain for Automated and Secure Access Control
Access control is a critical component of computer security, governing access
to system resources. However, designing policies and roles in traditional
access control can be challenging and difficult to maintain in dynamic and
complex systems, which is particularly problematic for organizations with
numerous resources. Furthermore, traditional methods suffer from issues such as
third-party involvement, inefficiency, and privacy gaps, making transparent and
dynamic access control an ongoing research problem. Moreover, detecting
malicious activities and identifying users who are not behaving appropriately
can present notable difficulties. To address these challenges, we propose
DLACB, a Deep Learning Based Access Control Using Blockchain, as a solution to
decentralized access control. DLACB uses blockchain to provide transparency,
traceability, and reliability in various domains such as medicine, finance, and
government while taking advantage of deep learning to not rely on predefined
policies and eventually automate access control. With the integration of
blockchain and deep learning for access control, DLACB can provide a general
framework applicable to various domains, enabling transparent and reliable
logging of all transactions. As all data is recorded on the blockchain, we have
the capability to identify malicious activities. We store a list of malicious
activities in the storage system and employ a verification algorithm to
cross-reference it with the blockchain. We conduct measurements and comparisons
of the smart contract processing time for the deployed access control system in
contrast to traditional access control methods, determining the time overhead
involved. The processing time of DLBAC demonstrates remarkable stability when
exposed to increased request volumes.
Comment: arXiv admin note: text overlap with arXiv:2303.1475