Hierarchical Group and Attribute-Based Access Control: Incorporating Hierarchical Groups and Delegation into Attribute-Based Access Control

Attribute-Based Access Control (ABAC) is a promising alternative to traditional models of access control (i.e. Discretionary Access Control (DAC), Mandatory Access Control (MAC) and Role-Based Access control (RBAC)) that has drawn attention in both recent academic literature and industry application. However, formalization of a foundational model of ABAC and large-scale adoption is still in its infancy. The relatively recent popularity of ABAC still leaves a number of problems unexplored. Issues like delegation, administration, auditability, scalability, hierarchical representations, etc. have been largely ignored or left to future work. This thesis seeks to aid in the adoption of ABAC by filling in several of these gaps. The core contribution of this work is the Hierarchical Group and Attribute-Based Access Control (HGABAC) model, a novel formal model of ABAC which introduces the concept of hierarchical user and object attribute groups to ABAC. It is shown that HGABAC is capable of representing the traditional models of access control (MAC, DAC and RBAC) using this group hierarchy and that in many cases it’s use simplifies both attribute and policy administration. HGABAC serves as the basis upon which extensions are built to incorporate delegation into ABAC. Several potential strategies for introducing delegation into ABAC are proposed, categorized into families and the trade-offs of each are examined. One such strategy is formalized into a new User-to-User Attribute Delegation model, built as an extension to the HGABAC model. Attribute Delegation enables users to delegate a subset of their attributes to other users in an off-line manner (not requiring connecting to a third party). Finally, a supporting architecture for HGABAC is detailed including descriptions of services, high-level communication protocols and a new low-level attribute certificate format for exchanging user and connection attributes between independent services. Particular emphasis is placed on ensuring support for federated and distributed systems. Critical components of the architecture are implemented and evaluated with promising preliminary results. It is hoped that the contributions in this research will further the acceptance of ABAC in both academia and industry by solving the problem of delegation as well as simplifying administration and policy authoring through the introduction of hierarchical user groups

Access Control in Industrial Internet of Things

The Industrial Internet of Things (IIoT) is an ecosystem that consists of - among others - various networked sensors and actuators, achieving mainly advancements related with lowering production costs and providing workflow flexibility. Introducing access control in such environments is considered to be challenging, mainly due to the variety of technologies and protocols in IIoT devices and networks. Thus, various access control models and mechanisms should be examined, as well as the additional access control requirements posed by these industrial environments. To achieve these aims, we elaborate on existing state-of-the-art access control models and architectures and investigate access control requirements in IIoT, respectively. These steps provide valuable indications on what type of an access control model and architecture may be beneficial for application in the IIoT. We describe an access control architecture capable of achieving access control in IIoT using a layered approach and based on existing virtualization concepts (e.g., the cloud). Furthermore, we provide information on the functionality of the individual access control related components, as well as where these should be placed in the overall architecture. Considering this research area to be challenging, we finally discuss open issues and anticipate these directions to provide interesting multi-disciplinary insights in both industry and academia

Modelling role hierarchy structure using the Formal Concept Analysis

We demonstrate how one can use the formal concept analysis (FCA) to obtain the role hierarchy for the role based access control from the existing access control matrix. We also discuss assesed by means of FCA the quality of security system and finding users with excess permissions

The Proviado Access Control Model for Business Process Monitoring Components

Integrated process support is highly desirable in environments where data related to a particular business process are scattered over distributed, heterogeneous information systems. A business process monitoring component is a much-needed module in order to provide an integrated view on all these process data. Regarding process visualization and process data integration, access control (AC) issues are very important but also quite complex to be addressed. A major problem arises from the fact that the involved information systems are usually based on heterogeneous AC components. For several reasons, the only feasible way to tackle the problem of AC at the process monitoring level is to define access rights for the process monitoring component, hence getting rid of the burden to map access rights from the information system level. This paper presents the Proviado process visualization framework and discusses requirements for AC in process monitoring, which we derived from our case studies in the automotive domain. It then presents alternative approaches for AC: the view-based and the object-based approach. The latter is retained, and a core AC model is proposed for the definition of access rights that meet the derived requirements. AC mechanisms provided within the core model are key ingredients for the definition of model extensions

Model-Based Analysis of Role-Based Access Control

Model-Driven Engineering (MDE) has been extensively studied. Many directions have been explored, sometimes with the dream of providing a fully integrated approach for designers, developers and other stakeholders to create, reason about and modify models representing software systems. Most, but not all, of the research in MDE has focused on general-purpose languages and models, such as Java and UML. Domain-specific and cross-cutting concerns, such as security, are increasingly essential parts of a software system, but are only treated as second-class citizens in the most popular modelling languages. Efforts have been made to give security, and in particular access control, a more prominent place in MDE, but most of these approaches require advanced knowledge in security, programming (often declarative), or both, making them difficult to use by less technically trained stakeholders. In this thesis, we propose an approach to modelling, analysing and automatically fixing role-based access control (RBAC) that does not require users to write code or queries themselves. To this end, we use two UML profiles and associated OCL constraints that provide the modelling and analysis features. We propose a taxonomy of OCL constraints and use it to define a partial order between categories of constraints, that we use to propose strategies to speed up the models’ evaluation time. Finally, by representing OCL constraints as constraints on a graph, we propose an automated approach for generating lists of model changes that can be applied to an incorrect model in order to fix it. All these features have been fully integrated into a UML modelling IDE, IBM Rational Software Architect

Model-Based Analysis of Role-Based Access Control

Model-Driven Engineering (MDE) has been extensively studied. Many directions have been explored, sometimes with the dream of providing a fully integrated approach for designers, developers and other stakeholders to create, reason about and modify models representing software systems. Most, but not all, of the research in MDE has focused on general-purpose languages and models, such as Java and UML. Domain-specific and cross-cutting concerns, such as security, are increasingly essential parts of a software system, but are only treated as second-class citizens in the most popular modelling languages. Efforts have been made to give security, and in particular access control, a more prominent place in MDE, but most of these approaches require advanced knowledge in security, programming (often declarative), or both, making them difficult to use by less technically trained stakeholders. In this thesis, we propose an approach to modelling, analysing and automatically fixing role-based access control (RBAC) that does not require users to write code or queries themselves. To this end, we use two UML profiles and associated OCL constraints that provide the modelling and analysis features. We propose a taxonomy of OCL constraints and use it to define a partial order between categories of constraints, that we use to propose strategies to speed up the models’ evaluation time. Finally, by representing OCL constraints as constraints on a graph, we propose an automated approach for generating lists of model changes that can be applied to an incorrect model in order to fix it. All these features have been fully integrated into a UML modelling IDE, IBM Rational Software Architect

Matrix Decomposition – Analysis of an Access Control Approach on Transaction-based DAGs without Finality

The Matrix message-oriented middleware (see https://matrix.org) is gaining momentum as a basis for a decentralized, secure messaging system as shown, for example, by its deployment within the French government and by the Mozilla foundation. Thus, understanding the corresponding access control approach is important. This paper provides an ab- straction and an analysis of the access control approach followed by Matrix. We show that Matrix can be seen as a form of Distributed Ledger Technology (DLT) based on Transaction-based Directed Acyclic Graphs (TDAGs). TDAGs connect individual transactions to form a DAG, instead of collecting transactions in blocks as in blockchains. These TDAGs only provide causal order, eventual consistency, and no finality. However, unlike conventional DLTs, Matrix does not aim for a strict system-wide consensus. Thus, there is also no guarantee for a strict consensus on access rights. By de- composition of the Matrix approach, we show that a sound decen- tralized access control can be implemented for TDAGs in general, and for Matrix in particular, despite those weak guarantees. In addition, we discovered security issues in popular implementations and emphasize the need for a formal verification of the employed conflict resolution mechanism

Access control via belnap logic: intuitive, expressive, and analyzable policy composition

Access control to IT systems increasingly relies on the ability to compose policies. There is thus bene t in any framework for policy composition that is intuitive, formal (and so \an- alyzable" and \implementable"), expressive, independent of speci c application domains, and yet able to be extended to create domain-speci c instances. Here we develop such a framework based on Belnap logic. An access-control policy is interpreted as a four-valued predicate that maps access requests to either grant, deny, con ict, or unspeci ed { the four values of the Bel- nap bilattice. We de ne an expressive access-control policy language PBel, having composition operators based on the operators of Belnap logic. Natural orderings on policies are obtained by lifting the truth and information orderings of the Belnap bilattice. These orderings lead to a query language in which policy analyses, e.g. con ict freedom, can be speci ed. Policy analysis is supported through a reduction of the validity of policy queries to the validity of propositional formulas on predicates over access requests. We evaluate our approach through rewall policy and RBAC policy examples, and discuss domain-speci c and generic extensions of our policy language

Optimization of Access Control Policies

Organizations undertake complex and costly projects to model high-quality Access Control Policies (ACPs). Once built, these policies must be maintained and managed in an ongoing process to keep their quality high. Insufficient maintenance leads to inaccurate authorization decisions and increases the policies’ administrative effort and susceptibility to errors. While the initial modeling of ACPs has received significant research interest, their optimization is not yet covered as broadly. This work provides a theoretical foundation for ACP quality and its optimization. Furthermore, it analyzes how existing research addresses optimization of ACPs with regard to six crucial optimization dimensions. It presents a structured literature survey tracing these optimization dimensions, the contributed research artifact and data requirements. Building on this literature catalogue, this work elaborates on inaccuracies for user permission assignments, data availability, minimal perturbation and recommendation-based optimization