LogicDetect: Real-Time Detection of Faults in Access Control Policy with Logic Circuits

Published

Author(s)

Yatish Dubasi, Vincent C. Hu, Qinghua Li, Jia Di

Abstract

Ensuring the correctness of access control (AC) policies is crucial for system security, particularly for complex systems with numerous subjects, objects, roles, and actions. However, crafting error-free policies becomes increasingly challenging due to the complexity of the system and the potential inconsistencies among different system administrators when they generate the policy rules. Traditional methods for detecting faults in AC policies often suffer from limitations, including time-consuming analysis and inability to perform real-time verification. This paper introduces LogicDetect, a novel approach that leverages logic circuits for real-time detection of AC rule faults. LogicDetect translates AC rules into logic circuits, and checks policy faults by invoking relevant circuit branches and observing if there is any conflict in the circuit outputs. It could be implemented in either software or hardware, enabling real-time identification of inconsistencies as new rules are added or modified. This paper details the design of logic circuits for various AC policies, properties, and models. We present hardware and software implementations of LogicDetect and evaluate their performance against traditional AC policy verification tools. Our findings show that LogicDetect runs faster and is a promising approach for enhancing the security and integrity of access control systems.

Citation

Cyber Security and Applications

Keywords

access control, fault detection, logic circuit

Citation

Dubasi, Y., Hu, V., Li, Q. and Di, J. (2024), LogicDetect: Real-Time Detection of Faults in Access Control Policy with Logic Circuits, Cyber Security and Applications, [online], https://doi.org/10.2139/ssrn.4904892, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=958434 (Accessed December 14, 2024)

Created July 25, 2024, Updated October 23, 2024