DocumentCode
2078769
Title
Decomposing, Comparing, and Synthesizing Access Control Expressiveness Simulations
Author
Garrison, William C. ; Lee, Adam J.
fYear
2015
fDate
13-17 July 2015
Firstpage
18
Lastpage
32
Abstract
Access control is fundamental to computer security, and has thus been the subject of extensive formal study. In particular, relative expressiveness analysis techniques have used formal mappings called simulations to explore whether one access control system is capable of emulating another, thereby comparing the expressive power of these systems. Unfortunately, the notions of expressiveness simulation that have been explored vary widely, which makes it difficult to compare results in the literature, and even leads to apparent contradictions between results. Furthermore, some notions of expressiveness simulation make use of non-determinism, and thus cannot be used to define mappings between access control systems that are useful in practical scenarios. In this work, we define the minimum set of properties for an implementable access control simulation, i.e., a deterministic "recipe" for using one system in place of another. We then define a wide range of properties spread across several dimensions that can be enforced on top of this minimum definition. These properties define a taxonomy that can be used to separate and compare existing notions of access control simulation, many of which were previously incomparable. We position existing notions of simulation within our properties lattice by formally proving each simulation\´s equivalence to a corresponding set of properties. Lastly, we take steps towards bridging the gap between theory and practice by exploring the systems implications of points within our properties lattice. This shows that relative expressive analysis is more than just a theoretical tool, and can also guide the choice of the most suitable access control system for a specific application or scenario.
Keywords
Analytical models; Authorization; Data models; Data structures; Lattices; access control; expressiveness; suitability;
fLanguage
English
Publisher
ieee
Conference_Titel
Computer Security Foundations Symposium (CSF), 2015 IEEE 28th
Conference_Location
Verona, Italy
Type
conf
DOI
10.1109/CSF.2015.9
Filename
7243722
Link To Document