Constructing cascade bloom filters for efficient access enforcement
The final publication is available at Elsevier via https://dx.doi.org/10.1016/j.cose.2018.09.015 © 2019. This manuscript version is made available under the CC-BY-NC-ND 4.0 license https://creativecommons.org/licenses/by-nc-nd/4.0/

We address access enforcement — the process of determining whether a request for access to a resource by a principal should be granted. While access enforcement is essential to security, it must not unduly impact performance. Consequently, we address the issue of time- and space-efficient access enforcement, and in particular study a specific data structure, the Cascade Bloom filter, in this context. The Cascade Bloom filter is a generalization of the well-known Bloom filter, which is used for time- and space-efficient membership checking in a set while allowing a non-zero probability of false positives. We consider the practical problems of constructing Bloom filters and Cascade Bloom filters with our particular application, access enforcement, in mind. We identify the computational complexity of the underlying problems and propose concrete algorithms to construct instances of the data structures. We have implemented our algorithms and conducted empirical assessments, which we also discuss in this paper. Our code is available for public download. As such, our work is a contribution to efficient access enforcement.
Algorithmic Problems in Access Control
Access control is used to provide regulated access to resources by principals. It is an important and foundational aspect of information security. Role-Based Access Control (RBAC) is a popular and widely used access control model that, as prior work argues, is ideally suited for enterprise settings. In this dissertation, we address two problems in the context of RBAC.

One is the User Authorization Query (UAQ) problem, which relates to sessions that a user creates to exercise permissions. UAQ's objective is the identification of a set of roles that a user needs to activate such that the session is authorized to all permissions that the user wants to exercise in that session. The roles that are activated must respect a set of Separation of Duty constraints, which restrict the roles that can be activated together in a session. UAQ is known to be intractable (NP-hard). In this dissertation, we give a precise formulation of UAQ as a joint-optimization problem and analyze it. We examine the manner in which each input parameter contributes to its intractability. We then propose an approach to mitigate its intractability based on our observation that a corresponding decision version of the problem is in NP. We efficiently reduce UAQ to Boolean satisfiability in conjunctive normal form (CNF-SAT), a well-known NP-complete problem for which solvers exist that are efficient for large classes of instances. We also present results for UAQ posed as an approximation problem; our results suggest that efficient approximation is not promising for UAQ. We discuss an open-source implementation of our approach and a corresponding empirical assessment that we have conducted.

The other problem we consider in this dissertation regards an efficient data structure for distributed access enforcement. Access enforcement is the process of validating an access request to a resource. Distributed access enforcement has become important with the proliferation of data, which requires access control systems to scale to tens of thousands of resources and permissions. Prior work has shown the effectiveness of a data structure called the Cascade Bloom Filter (CBF) for this problem. In this dissertation, we study the construction of instances of the CBF. We formulate the problem of finding an optimal instance of a CBF, where optimality refers to the number of false positives incurred and the number of hash functions used. We prove that this problem is NP-hard and that a meaningful decision version is in NP. We then propose an approach to mitigate the intractability of the problem by reducing it to CNF-SAT, which allows us to use a SAT solver for instances that arise in practice. We discuss an open-source implementation of our approach and an empirical assessment based on it.