NATO is developing a new IT infrastructure that will enable automated information sharing between di erent information security domains and provide strong separation between di erent communities of interest while supporting dynamic and exible enforcement of the need-to-know principle. In this context, the Content-based Protection and Release (CPR) model has been introduced to support the specification and enforcement of access control policies used in NATO and, more generally, in complex organizations. While the ability to support fine-grained security policies for a large variety of users, resources and devices is desirable, the definition, maintenance, and enforcement of these policies can be diffcult, time-consuming, and error-prone. Thus, automated support for policy analysis to help designers in these activities is needed. In this paper we show that several policy-related analysis problems of practical interest can be reduced to SMT problems, we propose an e ective enforcement mechanism relying on attribute-based encryption (ABE), and assess the scalability of our approach on an extensive set of synthetic benchmarks.

SMT-based enforcement and analysis of NATO content-based protection and release policies / Armando, A.; Ranise, S.; Traverso, R.; Wrona, K.. - (2016), pp. 35-46. (Intervento presentato al convegno 2016 ACM International Workshop on Attribute Based Access Control, ABAC 2016 tenutosi a usa nel 2016) [10.1145/2875491.2875493].

SMT-based enforcement and analysis of NATO content-based protection and release policies

Ranise S.;
2016-01-01

Abstract

NATO is developing a new IT infrastructure that will enable automated information sharing between di erent information security domains and provide strong separation between di erent communities of interest while supporting dynamic and exible enforcement of the need-to-know principle. In this context, the Content-based Protection and Release (CPR) model has been introduced to support the specification and enforcement of access control policies used in NATO and, more generally, in complex organizations. While the ability to support fine-grained security policies for a large variety of users, resources and devices is desirable, the definition, maintenance, and enforcement of these policies can be diffcult, time-consuming, and error-prone. Thus, automated support for policy analysis to help designers in these activities is needed. In this paper we show that several policy-related analysis problems of practical interest can be reduced to SMT problems, we propose an e ective enforcement mechanism relying on attribute-based encryption (ABE), and assess the scalability of our approach on an extensive set of synthetic benchmarks.
2016
ABAC 2016 - Proceedings of the 2016 ACM International Workshop on Attribute Based Access Control, co-located with CODASPY 2016
1515 BROADWAY, NEW YORK, NY 10036-9998 USA
Association for Computing Machinery, Inc
9781450340793
Armando, A.; Ranise, S.; Traverso, R.; Wrona, K.
SMT-based enforcement and analysis of NATO content-based protection and release policies / Armando, A.; Ranise, S.; Traverso, R.; Wrona, K.. - (2016), pp. 35-46. (Intervento presentato al convegno 2016 ACM International Workshop on Attribute Based Access Control, ABAC 2016 tenutosi a usa nel 2016) [10.1145/2875491.2875493].
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/333214
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 7
  • ???jsp.display-item.citation.isi??? 4
  • OpenAlex ND
social impact