
2019 | OriginalPaper | Chapter

Removing Problems in Rule-Based Policies

Authors: Zheng Cheng, Jean-Claude Royer, Massimo Tisi

Published in: ICT Systems Security and Privacy Protection

Publisher: Springer International Publishing


Abstract

Analyzing and fixing problems of complex rule-based policies, like inconsistencies and conflicts, is a well-known topic in security. In this paper, by leveraging previous work on enumerating all the problematic requests for a rule-based system, we define an operation on the policy that removes these problems. While the final fix remains a typically manual activity, removing conflicts allows the user to work on unambiguous policies, produced automatically. We prove the main properties of the problem removal operation on rule-based systems in first-order logic. We propose an optimized process to automatically perform problem removal by reducing time and size of the policy updates. Finally we apply it to an administrative role-based access control (ARBAC) policy and an attribute-based access control (ABAC) policy, to illustrate its use and performance.

Footnotes
1
The original example with comments is available at http://www3.cs.stonybrook.edu/~stoller/ccs2007/.
 
3
These results were computed with 10 runs when the running time made this feasible, that is, in all cases except three (among 530) for the ContinueA policy.
 
Metadata
Copyright Year
2019
DOI
https://doi.org/10.1007/978-3-030-22312-0_9