Title :
Cost-effective enforcement of UCONA policies
Author :
Krautsevich, Leanid ; Lazouski, Aliaksandr ; Martinelli, Fabio ; Yautsiukhin, Artsiom
Author_Institution :
Dept. of Comput. Sci., Univ. of Pisa, Pisa, Italy
Abstract :
In Usage CONtrol (UCON) access decisions rely on mutable attributes. A reference monitor should re-evaluate security policies each time when attributes change their values. Catching timely all attribute changes is a challenging issue, especially if the attribute provider and the reference monitor reside in different security domains. Some attribute changes might be missed, corrupted, and delayed. As a result, the reference monitor may erroneously grant the access to malicious users and forbid it for eligible users. This paper proposes a set of policy enforcement models which help to tolerate uncertainties associated with mutable attributes. In our model the reference monitor as usually evaluates logical predicates over attributes and additionally makes some estimates on how much observed attribute values differ from the real state of the world. The final access decision counts both factors. We assign monetary outcomes for granting and revoking access to legitimate and malicious users and compare the proposed policy enforcement models in terms of cost-efficiency.
Keywords :
security of data; cost-effective enforcement; mutable attributes; policy enforcement models; reference monitor; security policy; usage control access decision; Authorization; Computational modeling; Markov processes; Monitoring; Uncertainty; Cost; Markov Chain; Mutable Attribute; Policy Enforcement; Usage Control;
Conference_Titel :
Risk and Security of Internet and Systems (CRiSIS), 2011 6th International Conference on
Conference_Location :
Timisoara
Print_ISBN :
978-1-4577-1890-8
Electronic_ISBN :
978-1-4577-1889-2
DOI :
10.1109/CRiSIS.2011.6061833
