MUTATION TESTING OF ACCESS CONTROL POLICIES

2021 ◽  
Vol 5 (1) ◽  
pp. 118-122
Author(s):  
Galina Cherneva ◽  
Pavlo Khalimov

Access control systems are among the most important and integral components of modern computer security. The objective of an access control system (ACS) is often described in terms of protecting system resources against inappropriate or unwanted user access. However, a large degree of sharing can interfere with the protection of resources, so a sufficiently detailed AC policy should allow selective exchange of information when, in its absence, sharing can be considered too risky in general. Erroneous configurations, faulty policies, as well as flaws in the implementation of software can lead to global insecurity. Identifying the differences between policy specifications and their intended functions is crucial because the correct implementation and enforcement of the policies of a particular application is based on the premise that the specifications of this policy are correct. As a result of the policy, the specifications presented by the models must undergo rigorous validation and legalization through systematic checks and tests to ensure that the specifications of the policies really correspond to the wishes of the creators. Verifying that access control policies and models are consistent is a non-trivial and critical task. One of the important aspects of such a check is a formal check for inconsistency and incompleteness of the model, and the security requirements of the policy, because the access control model and its implementation do not necessarily express policies that can also be hidden, embedded by mixing with direct access restrictions or another access control model.

2009 ◽  
Vol 16-19 ◽  
pp. 703-707
Author(s):  
Chun Xiao Ye ◽  
Yun Qing Fu ◽  
Hong Xiang

Based on previous works, this paper proposes an extended access control model for PDM systems. In this model, complex access control policies are expressed and enforced to ensure the security of user role assignment, delegation and revocation in the PDM system. To reduce the system administrator's work, the model provides an auto revocation mechanism which can be triggered by time, access control policies and user states. This paper also proposes an implementation system architecture, an auto revocation algorithm and some examples to show how this complex-policy-supported access control model works in a PDM system.


2018 ◽  
Vol 10 (8) ◽  
pp. 69 ◽  
Author(s):  
Jinyi Guo ◽  
Wei Ren ◽  
Yi Ren ◽  
Tianqin Zhu

When large images are used for big data analysis, they impose new challenges in protecting image privacy. For example, a geographic image may consist of several sensitive areas or layers. When it is uploaded into servers, the image will be accessed by diverse subjects. Traditional access control methods regulate access privileges to a single image, and their access control strategies are stored in servers, which imposes two shortcomings: (1) fine-grained access control is not guaranteed for areas/layers in a single image that need to be kept secret for different roles; and (2) access control policies that are stored in servers suffer from multiple attacks (e.g., transferring attacks). In this paper, we propose a novel watermark-based access control model in which access control policies are associated with objects being accessed (called an in-situ model). The proposed model integrates access control policies as watermarks within images, without relying on the availability of servers or connecting networks. The access control for images is still maintained even though images are redistributed again to further subjects. Therefore, access control policies can be delivered together with the big data of images. Moreover, we propose a hierarchical key-role-area model for fine-grained encryption, especially for large-size images such as geographic maps. The extensive analysis justifies the security and performance of the proposed model.


Author(s):  
Shangping Ren ◽  
Jeffrey J.P. Tsai ◽  
Ophir Frieder

In this chapter, we present the role-based context constrained access control (RBCC) model. The model integrates contextual constraints specified in first-order logic with the standard role-based access control (RBAC). In the RBCC access control model, the permission assignment functions are constrained by the user's current accessing contexts. The accessing contexts are further categorized into two classes, that is, system contexts and application contexts. System contexts may contain accessing time, accessing location, and other security-related system information, while application contexts are abstractions of relationships among different types of entities (i.e., subjects, roles, and objects) as well as implicit relationships derived from protected information content and external information. The ability to integrate contextual information allows the RBCC model to be flexible and capable of specifying a variety of complex access policies and providing tight and just-in-time permission activations. A set of medical domain examples will be used to demonstrate the expressiveness of the RBCC model.


Author(s):  
Sarra Namane ◽  
Nassira Ghoualmi

Despite the various attractive features that grid computing has to offer, it has many great security challenges, such as access control. With the expansion of the network scale, a large number of authorization requests have to be treated; on the other hand, the multi-domain nature of grid computing generates difficult-to-manage questions about cross-domain access control, and a variety of solutions use the role mapping mechanism to allow collaborations between domains. But this mechanism gives a potential risk of violating consistency properties of domains. This article aims to address this issue and proposes a parallel access control model in cross-domain grid computing architecture to be more convenient to the security requirements of the multi-domain environment. Finally, as a proof of concept, the authors implement a cross-domain and parallel authorization simulator (CD-PAS) where experiments are done. The obtained results show that the proposed model is sensitive to the number of authorization requests. In addition, it can effectively reduce the execution time of the access control mechanism.


2018 ◽  
Vol 12 (10) ◽  
pp. 50
Author(s):  
Khair Eddin Sabri

Role-Based Access Control (RBAC) is a well-known access control model used to preserve the confidentiality of information by specifying the ability of users to access information based on their roles. Usually these policies would be manipulated by combining or comparing them, especially when defined in a distributed way. Furthermore, these policies should satisfy predefined authorization constraints. In this paper, we present an algebraic model for specifying and analyzing RBAC policies. The proposed model enables us to specify policies and verify the satisfaction of predefined authorization constraints. Furthermore, the model allows us to combine policies and analyze their effect on predefined constraints. The model consists of few operators that give simplicity in specifying policies. We present a prototype tool used for facilitating the analysis.


2009 ◽  
pp. 2775-2794
Author(s):  
Manuel Koch ◽  
Francesco Parisi-Presicce ◽  
Karl Pauls

Security requirements have become an integral part of most modern software systems. In order to produce secure systems, it is necessary to provide software engineers with the appropriate systematic support. This chapter discusses a methodology to integrate the specification of access control policies into UML. The methodology, along with the graph-based formal semantics for the UML access control specification, allows reasoning about the coherence of the access control specification. The chapter also presents a procedure to modify policy rules to guarantee the satisfaction of constraints, and shows how to generate access control requirements from UML diagrams. The main concepts in the UML access control specification are illustrated with an example access control model for distributed object systems.


2009 ◽  
Vol 28 (12) ◽  
pp. 3214-3216
Author(s):  
Yi DING ◽  
Yong FANG ◽  
An-min ZHOU ◽  
Jiao ZENG ◽  
Yu FAN
