Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).
NIST Authors in Bold
|Author(s):||Chung Tong Hu; Karen Scarfone;|
|Title:||Real-Time Access Control Rule Fault Detection Using a Simulated Logic Circuit|
|Published:||February 03, 2014|
|Abstract:||Access control (AC) policies can be implemented based on different AC models, which are fundamentally composed by semantically independent AC rules in expressions of privilege assignments described by attributes of subjects/attributes, actions, objects/attributes, and environment variables of the protected systems. Incorrect implementations of AC policies result in faults that not only leak but also disable access of information, and faults in AC policies are difficult to detect without support of verification or automatic fault detection mechanisms. This research proposes an automatic method through the construction of a simulated logic circuit that simulates AC rules in AC policies or models. The simulated logic circuit allows real-time detection of policy faults including conflicts of privilege assignments, leaks of information, and conflicts of interest assignments. Such detection is traditionally done by tools that perform verification or testing after all the rules of the policy/model are completed, and it provides no information about the source of verification errors. The real-time fault detecting capability proposed by this research allows a rule fault to be detected and fixed immediately before the next rule is added to the policy/model, thus requiring no later verification and saving a significant amount of fault fixing time.|
|Proceedings:||2013 ASE/IEEE International Conference on Privacy, Security, Risk and Trust|
|Pages:||pp. 494 - 501|
|Location:||Washington DC, DC|
|Dates:||September 8-14, 2013|
|Keywords:||Access Control, Authorization, Model Verification, Testing, Verification|
|DOI:||http://dx.doi.org/10.1109/SocialCom.2013.76 (Note: May link to a non-U.S. Government webpage)|
|PDF version:||Click here to retrieve PDF version of paper (620KB)|