Self-Adaptive Authorization Framework for Policy Based RBAC/ABAC Models

Bailey, Christopher and Chadwick, David W. and de Lemos, Rogério (2011) Self-Adaptive Authorization Framework for Policy Based RBAC/ABAC Models. In: Proceedings of the 9th IEEE conference on Dependable, Autonomic and Secure Computing. (Access to this publication is restricted)

PDF - Published Version
Restricted to Registered users only
Contact us about this Publication Download (790kB)
[img]
Official URL
http://www.cs.kent.ac.uk/pubs/2011/3193

Abstract

Authorization systems are an integral part of any network where resources need to be protected. They act as the gateway for providing (or denying) subjects (users) access to resources. As networks expand and organisations start to federate access to their resources, authorization infrastructures become increasingly difficult to manage. In this paper, we explore the potential of self-adaptive authorization as a means to automate the management of the access control configuration. We propose a Self-Adaptive Authorization Framework (SAAF) that is capable of managing any policy based distributed RBAC/ABAC authorization infrastructure. SAAF relies on a feedback control loop to monitor decisions (by policy decision points) of a target authorization infrastructure. These decisions are analysed to form a view of the subjects behaviour to decide whether to adapt the target authorization infrastructure. Adaptations are made in order to either endorse or restrict the identified behaviour, e.g. by loosening or tightening the current authorization policy. We demonstrate in terms of representative scenarios SAAFs ability for detecting abnormal behaviour, such as, misuse of access to system resources, proposing solutions that either prevent/endorse such behaviour, applying a cost function to each of these solutions, and executing the adaptive changes against a target authorization infrastructure.

Item Type: Conference or workshop item (Paper)
Uncontrolled keywords: determinacy analysis, Craig interpolants
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Faculties > Science Technology and Medical Studies > School of Computing > Security Group
Depositing User: Rogerio de Lemos
Date Deposited: 21 Sep 2012 09:49
Last Modified: 25 Oct 2012 15:45
Resource URI: http://kar.kent.ac.uk/id/eprint/30711 (The current URI for this page, for reference purposes)
  • Depositors only (login required):

Downloads

Downloads per month over past year