Publication Citation: Real-Time Access Control Rule Fault Detection Using a Simulated Logic Circuit

Author(s): Chung Tong Hu; Karen Scarfone
Title: Real-Time Access Control Rule Fault Detection Using a Simulated Logic Circuit
Published: February 03, 2014
Abstract: Access control (AC) policies can be implemented based on different AC models, which are fundamentally composed by semantically independent AC rules in expressions of privilege assignments described by attributes of subjects/attributes, actions, objects/attributes, and environment variables of the protected systems. Incorrect implementations of AC policies result in faults that not only leak but also disable access of information, and faults in AC policies are difficult to detect without support of verification or automatic fault detection mechanisms. This research proposes an automatic method through the construction of a simulated logic circuit that simulates AC rules in AC policies or models. The simulated logic circuit allows real-time detection of policy faults including conflicts of privilege assignments, leaks of information, and conflicts of interest assignments. Such detection is traditionally done by tools that perform verification or testing after all the rules of the policy/model are completed, and it provides no information about the source of verification errors. The real-time fault detecting capability proposed by this research allows a rule fault to be detected and fixed immediately before the next rule is added to the policy/model, thus requiring no later verification and saving a significant amount of fault fixing time.
Proceedings: 2013 ASE/IEEE International Conference on Privacy, Security, Risk and Trust
Pages: pp. 494 - 501
Location: Washington DC, DC
Dates: September 8-14, 2013
Keywords: Access Control, Authorization, Model Verification, Testing, Verification
Research Areas: Cybersecurity
DOI: http://dx.doi.org/10.1109/SocialCom.2013.76