Self-Adaptive Authorization Framework for Policy Based RBAC/ABAC Models

Bailey, Christopher J., Chadwick, David W., de Lemos, Rogerio (2011) Self-Adaptive Authorization Framework for Policy Based RBAC/ABAC Models. In: Proceedings of the 9th IEEE conference on Dependable, Autonomic and Secure Computing. pp. 182-196. IEEE (doi:10.1109/DASC.2011.31) (Access to this publication is currently restricted. You may be able to access a copy if URLs are provided) (KAR id:30711)

PDF Publisher pdf
Language: English

Restricted to Repository staff only
Official URL:
http://www.cs.kent.ac.uk/pubs/2011/3193

Abstract

Authorization systems are an integral part of any network where resources need to be protected. They act as the gateway for providing (or denying) subjects (users) access to resources. As networks expand and organisations start to federate access to their resources, authorization infrastructures become increasingly difficult to manage. In this paper, we explore the potential of self-adaptive authorization as a means to automate the management of the access control configuration. We propose a Self-Adaptive Authorization Framework (SAAF) that is capable of managing any policy based distributed RBAC/ABAC authorization infrastructure. SAAF relies on a feedback control loop to monitor decisions (by policy decision points) of a target authorization infrastructure. These decisions are analysed to form a view of the subjects' behaviour to decide whether to adapt the target authorization infrastructure. Adaptations are made in order to either endorse or restrict the identified behaviour, e.g. by loosening or tightening the current authorization policy. We demonstrate, in terms of representative scenarios, SAAF's ability for detecting abnormal behaviour, such as misuse of access to system resources, proposing solutions that either prevent/endorse such behaviour, applying a cost function to each of these solutions, and executing the adaptive changes against a target authorization infrastructure.

Item Type: Conference or workshop item (Paper)
DOI/Identification number: 10.1109/DASC.2011.31
Uncontrolled keywords: determinacy analysis, Craig interpolants
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
University-wide institutes > Institute of Cyber Security for Society
Depositing User: Rogerio de Lemos
Date Deposited: 21 Sep 2012 09:49 UTC
Last Modified: 16 Nov 2021 10:08 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/30711 (The current URI for this page, for reference purposes)
