    Constructing cascade bloom filters for efficient access enforcement

    The final publication is available at Elsevier via https://dx.doi.org/10.1016/j.cose.2018.09.015 © 2019. This manuscript version is made available under the CC-BY-NC-ND 4.0 license https://creativecommons.org/licenses/by-nc-nd/4.0/

    We address access enforcement — the process of determining whether a request for access to a resource by a principal should be granted. While access enforcement is essential to security, it must not unduly impact performance. Consequently, we address the issue of time- and space-efficient access enforcement, and in particular, study a particular data structure, the Cascade Bloom filter, in this context. The Cascade Bloom filter is a generalization of the well-known Bloom filter, which is used for time- and space-efficient membership-checking in a set, while allowing for a non-zero probability of false positives. We consider the problems, in practice, of constructing Bloom and Cascade Bloom filters, with our particular application, access enforcement, in mind. We identify the computational complexity of the underlying problems, and propose concrete algorithms to construct instances of the data structures. We have implemented our algorithms, and conducted empirical assessments, which we also discuss in this paper. Our code is available for public download. As such, our work is a contribution to efficient access enforcement.

    Algorithmic Problems in Access Control

    Access control is used to provide regulated access to resources by principals. It is an important and foundational aspect of information security. Role-Based Access Control (RBAC) is a popular and widely-used access control model that, as prior work argues, is ideally suited for enterprise settings. In this dissertation, we address two problems in the context of RBAC. One is the User Authorization Query (UAQ) problem, which relates to sessions that a user creates to exercise permissions. UAQ's objective is the identification of a set of roles that a user needs to activate such that the session is authorized to all permissions that the user wants to exercise in that session. The roles that are activated must respect a set of Separation of Duty constraints. Such constraints restrict the roles that can be activated together in a session. UAQ is known to be intractable (NP-hard). In this dissertation, we give a precise formulation of UAQ as a joint-optimization problem, and analyze it. We examine the manner in which each input parameter contributes to its intractability. We then propose an approach to mitigate its intractability based on our observation that a corresponding decision version of the problem is in NP. We efficiently reduce UAQ to Boolean satisfiability in conjunctive normal form (CNF-SAT), a well-known NP-complete problem for which solvers exist that are efficient for large classes of instances. We also present results for UAQ posed as an approximation problem; our results suggest that efficient approximation is not promising for UAQ. We discuss an open-source implementation of our approach and a corresponding empirical assessment that we have conducted. The other problem we consider in this dissertation regards an efficient data structure for distributed access enforcement. Access enforcement is the process of validating an access request to a resource. Distributed access enforcement has become important with the proliferation of data, which requires access control systems to scale to tens of thousands of resources and permissions. Prior work has shown the effectiveness of a data structure called the Cascade Bloom Filter (CBF) for this problem. In this dissertation, we study the construction of instances of the CBF. We formulate the problem of finding an optimal instance of a CBF, where optimality refers to the number of false positives incurred and the number of hash functions used. We prove that this problem is NP-hard, and that a meaningful decision version is in NP. We then propose an approach to mitigate the intractability of the problem by reducing it to CNF-SAT, which allows us to use a SAT solver for instances that arise in practice. We discuss an open-source implementation of our approach and an empirical assessment based on it.