Direct Static Enforcement of High-Level Security Policies
Author
Qihua Wang, Ninghui Li
Tech report number
CERIAS TR 2006-40
Entry type
article
Abstract
A high-level security policy states an overall safety requirement for a sensitive task. One example of a high-level security policy is a separation of duty policy, which requires a sensitive task to be performed by a team of at least k users. Recently, Li and Wang proposed an algebra for specifying a wide range of high-level security policies with both qualification and quantity requirements on users who perform a task. In this paper, we study the problem of direct static enforcement of high-level security policies expressed in this algebra. We formally define the notion of a static safety policy, which requires that every set of users together having all permissions needed to complete a sensitive task must contain a subset that satisfies the corresponding security requirement expressed as a term in the algebra. The static safety checking problem asks whether an access control state satisfies a given high-level policy. We study several computational problems related to the static safety checking problem, and design and evaluate an algorithm for solving the problem.
Date
2007-03-20
Key alpha
Access Control
Publisher
ASIACCS
Affiliation
CERIAS and Department of Computer Science, Purdue University
Publication Date
2007-03-20

