Istituto di Informatica e Telematica     
Krautsevich L., Lazouski A., Martinelli F., Yautsiukhin A. Cost-Effective Enforcement of Access and Usage Control Policies under Uncertainties. In: IEEE Systems Journal, vol. 7(2) pp. 223 - 235. IEEE, 2013.
In Usage CONtrol (UCON) access decisions relyon mutable attributes. A reference monitor should re-evaluatesecurity policies each time attributes change their values. Identifyingall attribute changes in a timely manner is a challengingissue, especially if the attribute provider and the referencemonitor reside in different security domains. Some attributechanges might be missed, corrupted, and delayed. As a result,the reference monitor may erroneously grant access to malicioususers and forbid it for eligible ones.This paper proposes a set of policy enforcement modelswhich help to mitigate the uncertainties associated with mutableattributes. In our model the reference monitor, as usual, evaluateslogical predicates over attributes and, additionally, makes someestimates on how much observed attribute values differ from thereal state of the world. The final access decision takes into accountboth factors. We assign costs for granting and revoking access tolegitimate and malicious users and compare the proposed policyenforcement models in terms of cost-efficiency.
Subject Markov Chains
Policy Enforcement
Mutable Attribute
usage control
K.6.5 Security and protection

Icona documento 1) Download Document PDF

Icona documento Open access Icona documento Restricted Icona documento Private


Per ulteriori informazioni, contattare: Librarian http://puma.isti.cnr.it

Valid HTML 4.0 Transitional