The notion of "session" created a considerable debate in access control. Recent research demonstrated that many access control constraints can not be verified statically at design time. The user behavior during an active session is uncertain, sessions are concurrent and some authorization decision parameters (i.e. conditions) are only available at runtime. However, similarly to what is done in software verification, it is possible to give static indications about the run-tim behavior of the access control system, by analyzing a finite number of approximations that model both the user behavior and the decision parameters. Moreover, constraints (e.g. history-based ones) can be analyzed in combination rather than individually. In this paper, we present a framework tailored to the verification of run-time constraints and security properties (e.g. mutually exclusive roles) for role based access control systems. Our framework employs actors to mimic active entities at runtime and creates stochastic activity entropies from a set of permission and role activations. A security administrator can obtain a set of run-time trajectories with a finite number of simulations that can be used to verify the desired properties.
Scheda prodotto non validato
I dati visualizzati non sono stati ancora sottoposti a validazione formale da parte dello Staff di IRIS, ma sono stati ugualmente trasmessi al Sito Docente Cineca (Loginmiur).
Titolo: | Towards Run-Time Verification in Access Control |
Autori: | F. Turkmen; E. (EJ)Jung; B. Crispo |
Autori Unitn: | |
Titolo del volume contenente il saggio: | Policies for Distributed Systems and Networks |
Luogo di edizione: | NEW YORK |
Casa editrice: | IEEE |
Anno di pubblicazione: | 2011 |
Codice identificativo Scopus: | 2-s2.0-80052408816 |
ISBN: | 978-1-4244-9879-6 |
Handle: | http://hdl.handle.net/11572/89870 |
Appare nelle tipologie: | 04.1 Saggio in atti di convegno (Paper in proceedings) |