Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Real-Time Access Control Rule Fault Detection Using a Simulated Logic Circuit

Published

Author(s)

Chung Tong Hu, Karen Scarfone

Abstract

Access control (AC) policies can be implemented based on different AC models, which are fundamentally composed by semantically independent AC rules in expressions of privilege assignments described by attributes of subjects/attributes, actions, objects/attributes, and environment variables of the protected systems. Incorrect implementations of AC policies result in faults that not only leak but also disable access of information, and faults in AC policies are difficult to detect without support of verification or automatic fault detection mechanisms. This research proposes an automatic method through the construction of a simulated logic circuit that simulates AC rules in AC policies or models. The simulated logic circuit allows real-time detection of policy faults including conflicts of privilege assignments, leaks of information, and conflicts of interest assignments. Such detection is traditionally done by tools that perform verification or testing after all the rules of the policy/model are completed, and it provides no information about the source of verification errors. The real-time fault detecting capability proposed by this research allows a rule fault to be detected and fixed immediately before the next rule is added to the policy/model, thus requiring no later verification and saving a significant amount of fault fixing time.
Proceedings Title
2013 ASE/IEEE International Conference on Privacy, Security, Risk and Trust
Conference Dates
September 8-14, 2013
Conference Location
Washington DC, DC

Keywords

Access Control, Authorization, Model Verification, Testing, Verification

Citation

, C. and Scarfone, K. (2014), Real-Time Access Control Rule Fault Detection Using a Simulated Logic Circuit, 2013 ASE/IEEE International Conference on Privacy, Security, Risk and Trust, Washington DC, DC, [online], https://doi.org/10.1109/SocialCom.2013.76 (Accessed June 24, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created February 3, 2014, Updated June 9, 2020