IIT Home Page CNR Home Page

Cost-Effective Enforcement of Access and Usage Control Policies under Uncertainties

In Usage CONtrol (UCON) access decisions rely on mutable attributes. A reference monitor should re-evaluate security policies each time attributes change their values. Identifying all attribute changes in a timely manner is a challenging issue, especially if the attribute provider and the reference monitor reside in different security domains. Some attribute changes might be missed, corrupted, and delayed. As a result, the reference monitor may erroneously grant access to malicious users and forbid it for eligible ones.

This paper proposes a set of policy enforcement models which help to mitigate the uncertainties associated with mutable attributes. In our model the reference monitor, as usual, evaluates logical predicates over attributes and, additionally, makes some
estimates on how much observed attribute values differ from the real state of the world. The final access decision takes into account both factors. We assign costs for granting and revoking access to legitimate and malicious users and compare the proposed policy enforcement models in terms of cost-efficiency.


IEEE Systems Journal, 2013

Autori IIT:

Leanid Krautsevich

Foto di Leanid Krautsevich

Aliaksandr Lazouski

Foto di Aliaksandr Lazouski

Tipo: Articoli su riviste non ISI con referee internazionali
Area di disciplina: Information Technology and Communication Systems
Da pagina 223 a pagina 235