Towards Automatic Update of Access Control Policy - PowerPoint PPT Presentation



SLIDE 1

Towards Automatic Update of Access Control Policy

Jinwei Hu, Yan Zhang, Ruixuan Li
Huazhong University of Science and Technology, Wuhan, China
University of Western Sydney, Sydney, Australia
jwhu@hust.edu.cn

SLIDE 2

Contents

  • Motivations and Background
  • Key Questions
  • Ideas
  • Conclusions
SLIDE 4

Motivations - Why Update?

  • Misconfigurations [SACMAT’08, USENIX SEC’10]
  • Permission Assignment
  • A new user joins
  • Task assignment
  • Property satisfactions [TISSEC]
  • Requirement dynamics [CACM]
SLIDE 5

Workflow of manual update

[Flowchart: specify update constraints; observe the system and update constraints; perform some operations; check system and constraints; decisions "constraints violated?", "update achieved?" and "give up?", each with yes/no branches; undo operations; end]

Is the update achievable at all? Are all changes necessary?

SLIDE 6

Background - RBAC Systems

  • Role-based access control
SLIDE 8

Key Questions

  • Q1: What is the update objective?
  • Assign {p5, p8, p9} via {r1, r2, r3, r4, r5, r6}
SLIDE 9

Key Questions

  • Q1: What is the update objective?
  • Q2: Who is to implement the update?
  • Different administrators come with different power.
  • Interactions/dependencies among administrators.

SLIDE 10

Key Questions

  • Q1: What is the update objective?
  • Q2: Who is to implement the update?
  • Q3: What is the system behavior after update?
  • Can users still perform their work?
SLIDE 11

Consideration of Q3

  • Users’ permissions vary within range [lower bound, upper bound]
  • transparency to users
  • maintain access control system functions smoothly

SLIDE 12

Key Questions

  • Q1: What is the update objective?
  • Q2: Who is to implement the update?
  • Q3: What is the system behavior after update?
  • Q4: What are the tolerable changes to roles and role hierarchies?

SLIDE 13

Consideration of Q4

  • Role definitions
  • in terms of permissions, e.g., student = {use_printer, use_lab, …}
  • Top-down
  • Business meanings, semantics
  • Bottom-up
  • role engineering/mining
  • Role definitions change as needed? No change at all?

SLIDE 14

Key Questions

  • Q1: What is the update objective?
  • Q2: Who is to implement the update?
  • Q3: What is the system behavior after update?
  • Q4: What are the tolerable changes to roles and role hierarchies?
  • Q5: Is an update optimal (minimal)?
SLIDE 15

Consideration of Q5

[Figure: original state, qualified states, other states; candidate states s1 and s2; labels "gap" and "difference"]

Which update is better, s1 or s2?

SLIDE 17

Update specification

SLIDE 18

Model Checking

[Diagram: "System" and "Property" are the inputs to "Model Checking". Outcomes: "Property holds." or "Property fails; a counter-example is generated."]

SLIDE 19

Updating via Model Checking

[Diagram: "RBAC System" and "Property: Requested state is never reachable." are the inputs to "Model Checking". Outcomes: "Property holds." or "Property fails; a counter-example is generated."]

Update achievable?

  • No. Requested state is never reachable.
  • Yes. Requested state is not never reachable, and can be constructed from the counter-example.
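The reachability check on this slide, as an added example that is not from the presentation or the authors' tool: a small breadth-first state search stands in for NuSMV, and a found trace plays the part of the counter-example. The role definitions, permission bounds and administrator powers are constructed for illustration, and minimality is assumed to mean the fewest assign/revoke operations.

```python
from collections import deque

# Constructed RBAC instance (an assumption, not from the slides): role -> permissions.
ROLE_PERMS = {
    "r1": {"p1", "p5"}, "r2": {"p2", "p8"}, "r3": {"p5", "p7", "p8", "p9"},
    "r4": {"p9"}, "r5": {"p3"}, "r6": {"p8", "p9"},
}
GOAL = {"p5", "p8", "p9"}                      # Q1: the update objective
LOWER = {"p3"}                                 # Q3: permissions the user must keep
UPPER = {"p1", "p2", "p3", "p5", "p8", "p9"}   # Q3: permissions the user may hold

def perms(roles):
    """Permissions a user holds through the given set of roles."""
    return set().union(*(ROLE_PERMS[r] for r in roles))

def find_update(start, goal, lower, upper, can_assign, can_revoke):
    """Return the shortest operation list that reaches `goal`, or None.

    None: the property "requested state is never reachable" holds.
    A list: the trace that refutes the property, read as the update.
    can_assign / can_revoke model the administrator's power (Q2).
    """
    def allowed(roles):
        # Every intermediate state must keep the user's permissions in range.
        return lower <= perms(roles) <= upper

    start = frozenset(start)
    if goal <= perms(start):
        return []
    seen, queue = {start}, deque([(start, [])])
    while queue:
        roles, trace = queue.popleft()
        moves = [("assign", r) for r in sorted(can_assign - roles)]
        moves += [("revoke", r) for r in sorted(can_revoke & roles)]
        for op, r in moves:
            nxt = roles | {r} if op == "assign" else roles - {r}
            if nxt in seen or not allowed(nxt):
                continue
            if goal <= perms(nxt):
                return trace + [(op, r)]   # breadth-first, so this is a shortest trace
            seen.add(nxt)
            queue.append((nxt, trace + [(op, r)]))
    return None

if __name__ == "__main__":
    # Assigning r3 alone would meet the goal but grants p7, outside the upper bound.
    print(find_update({"r5"}, GOAL, LOWER, UPPER, set(ROLE_PERMS) - {"r5"}, {"r5"}))
    # A weaker administrator cannot achieve the update at all.
    print(find_update({"r5"}, GOAL, LOWER, UPPER, {"r3", "r4"}, set()))
```
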

SLIDE 20

Overview

[Diagram: components Transformer, Translator, NuSMV and Update Constructor; data labels: update request, simplified request, NuSMV programs, checking results, reports]

SLIDE 21

Problems

  • State explosion problem
  • Memory crash

[Diagram: components Transformer, Translator and NuSMV; data labels: update request, simplified request, NuSMV programs; labels "crash" and "Reductions"]

SLIDE 22

The Idea of Minimal Update

[Figure: original state, qualified states, other states; candidate states s1, s2, s3; labels "difference" and "Updating algorithm"]

SLIDE 25

The Idea of Minimal Update

[Figure: original state, qualified states, other states; candidate states s1, s2, s3; labels "difference", "Updating algorithm" and "No update report"]

SLIDE 27

Conclusions

  • A tool that accepts and answers high-level update requests.
  • Experiments (synthesized data)
  • Future work
  • Full administrative model
  • Composition (sequence of update requests)
