Istituto di Informatica e Telematica     
Krautsevich L., Lazouski A., Martinelli F., Yautsiukhin A. Cost-effective enforcement of UCON policies. In: CRiSIS 2011 - 6th International Conference on Risks and Security of Internet and Systems (Timisoara, 26-28 September 2011). Proceedings, pp. 70 - 77. IEEE Computer Society, 2011.
In Usage CONtrol (UCON) access decisions rely on mutable attributes. A reference monitor should re-evaluate security policies each time when attributes change their values. Catching timely all attribute changes is a challenging issue, especially if the attribute provider and the reference monitor reside in different security domains. Some attribute changes might be missed, corrupted, and delayed. As a result, the reference monitor may erroneously grant the access to malicious users and forbid it for eligible users. This paper proposes a set of policy enforcement models which help to tolerate uncertainties associated with mutable attributes. In our model the reference monitor as usually evaluates logical predicates over attributes and additionally makes some estimates on how much observed attribute values differ from the real state of the world. The final access decision counts both factors. We assign monetary outcomes for granting and revoking access to legitimate and malicious users and compare the proposed policy enforcement models in terms of cost-efficiency.
DOI: 10.1109/CRiSIS.2011.6061833
Subject Usage Control
Mutable Attribute
Markov Chain
K.6.5 Security and protection

Icona documento 1) Download Document PDF

Icona documento Open access Icona documento Restricted Icona documento Private


Per ulteriori informazioni, contattare: Librarian http://puma.isti.cnr.it

Valid HTML 4.0 Transitional