towards automatic update of access control policy
play

Towards Automatic Update of Access Control Policy Jinwei Hu, Yan - PowerPoint PPT Presentation

Apr 02, 2023 •350 likes •633 views

Towards Automatic Update of Access Control Policy Jinwei Hu, Yan Zhang, Ruixuan Li Huazhong University of Science and Technology, Wuhan, China University of Western Sydney, Sydney, Australia jwhu@hust.edu.cn 1 Contents Motivations and

  1. Towards Automatic Update of Access Control Policy Jinwei Hu, Yan Zhang, Ruixuan Li Huazhong University of Science and Technology, Wuhan, China University of Western Sydney, Sydney, Australia jwhu@hust.edu.cn 1

  2. Contents • Motivations and Background • Key Questions • Ideas • Conclusions 2

  3. Contents • Motivations and Background • Key Questions • Ideas • Conclusions 3

  4. Motivations - Why Update? • Misconfigurations [ SACMAT’08, USENIX SEC’10] • Permission Assignment - A new user joins - Task assignment • Property satisfactions [ TISSEC] • Requirement dynamics [ CACM] 4

  5. Workflow of manual update specify update constraints observe the system and update constraints perform some operations Are all check system and constraints changes necessary? yes undo operations constraints violated? no yes update achieved? no Is the update no achievable at give up? atll? yes end 5

  6. Background - RBAC Systems • Role-based access control 6

  7. Contents • Motivations and Background • Key Questions • Ideas • Conclusions 7

  8. Key Questions • Q1: What is the update objective? - Assign { p 5 ,p 8 ,p 9 } via { r 1 , r 2 , r 3 , r 4 , r 5 , r 6 } 8

  9. Key Questions • Q1: What is the update objective? • Q2: Who is to implement the update? - Different administrators come with different power. - Interactions/ dependencies among administrators. 9

  10. Key Questions • Q1: What is the update objective? • Q2: Who is to implement the update? • Q3: What is the system behavior after update? - Can users still perform their works? 1 0

  11. Consideration of Q3 • Users’ permissions vary within range [ lower bound, upper bound ] - transparency to users - maintain access control system functions smoothly 1 1

  12. Key Questions • Q1: What is the update objective? • Q2: Who is to implement the update? • Q3: What is the system behavior after update? • Q4: What are the tolerable changes to roles and role hierarchies? 1 2

  13. Consideration of Q4 • Role definitions - in terms of permissions, e.g., student = { use_printer, use_lab, … } • Top-down - Business meanings, semantics • Bottom-up - role engineering/ mining • Role definitions change as needed? No change at all? 1 3

  14. Key Questions • Q1: What is the update objective? • Q2: Who is to implement the update? • Q3: What is the system behavior after update? • Q4: What are the tolerable changes to roles and role hierarchies? • Q5: Is an update optimal (minimal)? 1 4

  15. Consideration of Q5 original state qualified states other states s1 s2 … … gap gap difference W hich update is better, s1 or s2 ? 1 5

  16. Contents • Motivations and Background • Key Questions • Ideas • Conclusions 1 6

  17. Update specification 1 7

  18. Model Checking System Property Model Checking Property holds. Property fails; A counter ‐ example is generated . 1 8

  19. Updating via Model Checking Property: RBAC Requested state is System never reachable. update achievable? Model Checking Yes. No. Requested state is Requested not never state is never reachable, and can reachable. be constructed from the counter- example. Property holds. Property fails; A counter ‐ example is generated . 1 9

  20. Overview simplified request Update request Transformer Translator NuSMV Programs Checking results Update NuSMV Reports Constructor 2 0

  21. Problems • State explosion problem • Memory crash simplified request Update request Transformer Translator NuSMV Programs Reductions crash NuSMV 2 1

  22. The Idea of Minimal Update original state qualified states other states s1 s2 s3 … … Updating algorithm difference 2 2

  23. The Idea of Minimal Update original state qualified states other states s1 s2 s3 … … Updating algorithm difference 2 3

  24. The Idea of Minimal Update original state qualified states other states s1 s2 s3 … … Updating algorithm difference 2 4

  25. The Idea of Minimal Update original state qualified states other states s1 s2 s3 … … No update Updating report algorithm difference 2 5

  26. Contents • Motivations and Background • Key Questions • Ideas • Conclusions 2 6

  27. Conclusions • A tool that accepts and answers high-level update requests. • Experiments (synthesized data) • Future work - Full administrative model - Composition (sequence of update requests) 2 7

  28. 2 8

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions Protection objects : system resources for which protection is

576 views • 21 slides
Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of Access Control Discretionary acces control Mandatory access control Real systems: Unix Access Control Model Access control Access

817 views • 47 slides
Electronic Access Control Policy Presented by Thomas Sonoff, Director of College Safety What is

Electronic Access Control Policy Presented by Thomas Sonoff, Director of College Safety What is

Electronic Access Control Policy Presented by Thomas Sonoff, Director of College Safety What is Access Control The ability to regulate or restrict building access via a centralized electronic control system Electronic Access Control System

292 views • 4 slides
Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control? How Is Access Determined? Who Determines Access? Forms of Access Control SELinux Booleans iptables File Access Control Lists Apache Access Control

711 views • 36 slides
Access: Policy Update July 17, 2019 CURRENT BPS DRINKING WATER ACCESS POLICY Approved by

Access: Policy Update July 17, 2019 CURRENT BPS DRINKING WATER ACCESS POLICY Approved by

Boston Public Schools BPS Drinking Water Access: Policy Update July 17, 2019 CURRENT BPS DRINKING WATER ACCESS POLICY Approved by School Committee in June, 2016 The current policy requires: Annual testing of all schools

357 views • 10 slides
Detecting and Countering Insider Threats: the Insider Threat Can Policy-Based Access Control

Detecting and Countering Insider Threats: the Insider Threat Can Policy-Based Access Control

Introduction Insiders and Detecting and Countering Insider Threats: the Insider Threat Can Policy-Based Access Control Help? Trust and Trustworthi- ness Access Control and Trustwor- Jason Crampton 1 Michael Huth 2 thiness 1 Information

470 views • 25 slides
1 General Access Control General Access Control Control of access to memory relatively easy:

1 General Access Control General Access Control Control of access to memory relatively easy:

Role of Access Control Before closing back doors we need to close front doors Access control: determines access to files & processes in OS Fall 2008 We will return to these themes throughout the course Fall 2008 CS

512 views • 6 slides
SYSTEM DIAGRAMS Door Entry & Access Control ACCESS CONTROL ACCESS CONTROL Allowing

SYSTEM DIAGRAMS Door Entry & Access Control ACCESS CONTROL ACCESS CONTROL Allowing

SYSTEM DIAGRAMS Door Entry & Access Control ACCESS CONTROL ACCESS CONTROL Allowing residents / staff access to site areas Main entrance Vehicle entrances Pedestrian entrances Gate / Barrier entrance Bin / Bike / Refuge

336 views • 14 slides
ECONOMIC ACCESS POLICY & LEISURE ACCESS PROGRAM UPDATE PARK BOARD COMMITTEE MEETING April

ECONOMIC ACCESS POLICY & LEISURE ACCESS PROGRAM UPDATE PARK BOARD COMMITTEE MEETING April

ECONOMIC ACCESS POLICY & LEISURE ACCESS PROGRAM UPDATE PARK BOARD COMMITTEE MEETING April 18, 2016 Recommendation THAT the Vancouver Park Board approve the proposed updates to the Economic Access Policy, as outlined in Appendix C of

398 views • 17 slides
Outline Access control: mechanism and policy Unix filesystem concepts CSci 4271W Development of

Outline Access control: mechanism and policy Unix filesystem concepts CSci 4271W Development of

Outline Access control: mechanism and policy Unix filesystem concepts CSci 4271W Development of Secure Software Systems Project 1 expectations Day 8: Unix Access Control Unix permissions basics Stephen McCamant Exercise: using Unix

874 views • 6 slides
Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs Access Control Administration Accountability Chapter 2 Access Control Models Identification and Authentication Methods Lecturer:

708 views • 9 slides
Station Access: Trends, Best Practices, and Discussion October 22, 2015 Station Access Policy

Station Access: Trends, Best Practices, and Discussion October 22, 2015 Station Access Policy

BART Board Workshop Station Access: Trends, Best Practices, and Discussion October 22, 2015 Station Access Policy Update Revise existing access policy (approved 2000) to account for recent trends and best practices Guide access practices

418 views • 23 slides
Perspectives on cavity field control Olof Troeng, Dept. of Automatic Control, Lund Univeristy

Perspectives on cavity field control Olof Troeng, Dept. of Automatic Control, Lund Univeristy

Perspectives on cavity field control Olof Troeng, Dept. of Automatic Control, Lund Univeristy Low-Level RF Workshop, 2019-10-03 1 Outline Thoughts from an automatic-control (and linac) perspective 1. Complex-coefficient LTI systems 2.

766 views • 54 slides
= arg min t (could be Maximum Likelihood) AUTOMATIC CONTROL AUTOMATIC CONTROL

= arg min t (could be Maximum Likelihood) AUTOMATIC CONTROL AUTOMATIC CONTROL

The Problem 2(47) Nonlinear System Identification: A Palette from Tunn: measurement; Tjock: simulation 5 y 1 0 5 0 1 2 3 4 5 6 7 8 9 10 0.5 Off-white to Pit-black y 2 0 0.5 0.5 0 1 2 3 4 5 6 7 8 9 10 y 3 0

435 views • 12 slides
IFAC International Federation of Automatic Control IFACs AIMS Promote control science and

IFAC International Federation of Automatic Control IFACs AIMS Promote control science and

IFAC International Federation of Automatic Control IFACs AIMS Promote control science and technology Advance international collaboration Stimulate research, development and application of automatic control and systems

431 views • 11 slides
Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control

Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control

Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control Introduction to Computer Security Access control, contd Announcements intermission Stephen McCamant Capability-based access control University

380 views • 7 slides
GNU PSPP A program for statistical analysis of sampled data. John Darrington 1 School of Computer

GNU PSPP A program for statistical analysis of sampled data. John Darrington 1 School of Computer

GNU PSPP A program for statistical analysis of sampled data. John Darrington 1 School of Computer Science and Software Engineering University of Western Australia Perth, WA, Australia The seventh Free and Open source Software Developers

487 views • 24 slides
Happy Birthday Peter ! Constructing Point Imprimitive Designs Cheryl E Praeger University of

Happy Birthday Peter ! Constructing Point Imprimitive Designs Cheryl E Praeger University of

Happy Birthday Peter ! Constructing Point Imprimitive Designs Cheryl E Praeger University of Western Australia 1 Theme of lecture: Designs based on a specified point partition Constructions: that allow symmetry to be determined Usually lots

439 views • 18 slides
W HAT DOES IT COUNT ? If G is a graph on n vertices then the coefficient of x n r in ( G ; x

W HAT DOES IT COUNT ? If G is a graph on n vertices then the coefficient of x n r in ( G ; x

T HE C HARACTERISTIC P OLYNOMIAL OF A G RAPH Gordon Royle Centre for the Mathematics of Symmetry & Computation School of Mathematics & Statistics University of Western Australia Dagstuhl, June 2016 A USTRALIA P ERTH U NIVERSITY OF W

730 views • 55 slides
of graphs and pairwise transitive designs CHERYL E PRAEGER CENTRE FOR THE MATHEMATICS OF

of graphs and pairwise transitive designs CHERYL E PRAEGER CENTRE FOR THE MATHEMATICS OF

Local transitivity properties of graphs and pairwise transitive designs CHERYL E PRAEGER CENTRE FOR THE MATHEMATICS OF SYMMETRY AND COMPUTATION CANADAM JUNE, 2013 Interplay between different areas Groups Designs Graphs The University of

297 views • 29 slides
3.06pt A Modal Aleatoric Calculus for Probabilistic Reasoning Tim French, Andrew Gozzard, Mark

3.06pt A Modal Aleatoric Calculus for Probabilistic Reasoning Tim French, Andrew Gozzard, Mark

3.06pt A Modal Aleatoric Calculus for Probabilistic Reasoning Tim French, Andrew Gozzard, Mark Reynolds The University of Western Australia 2019 Automated reasoning for game playing agents Many artificial intelligence applications require

477 views • 26 slides
(Pre-)Algebras for Linguistics 4. Residuation Carl Pollard Linguistics 680: Formal Foundations

(Pre-)Algebras for Linguistics 4. Residuation Carl Pollard Linguistics 680: Formal Foundations

(Pre-)Algebras for Linguistics 4. Residuation Carl Pollard Linguistics 680: Formal Foundations Autumn 2010 Carl Pollard (Pre-)Algebras for Linguistics Inflationary and Deflationary Operations A unary operation f on a preorder P,

535 views • 32 slides
(Pre-)Lattices Carl Pollard Department of Linguistics Ohio State University November 17, 2011

(Pre-)Lattices Carl Pollard Department of Linguistics Ohio State University November 17, 2011

(Pre-)Lattices Carl Pollard Department of Linguistics Ohio State University November 17, 2011 Carl Pollard (Pre-)Lattices Prelattices A prelattice is a preordered algebra P, , , where P, , is a lower

338 views • 12 slides
Decision to Incision Timing: No financial disclosures related to this talk Is the 30-minute

Decision to Incision Timing: No financial disclosures related to this talk Is the 30-minute

6/7/2014 Disclosures Decision to Incision Timing: No financial disclosures related to this talk Is the 30-minute rule valid? Medical Advisor to Ariosa, Cellscape, Mindchild Bobs Red Mill Aaron B. Caughey, MD, PhD Professor and

338 views • 10 slides

More recommend