Bailey, Christopher, Montrieux, Lionel, de Lemos, Rogerio, Yu, Yijun, Wermelinger, Michel (2014) Run-time Generation, Transformation, and Verification of Access Control Models for Self-protection. In: Proceedings of the 9th International Symposium on Software Engineering for Adaptive and Self-Managing Systems. (doi:10.1145/2593929.2593945) (KAR id:42968)
PDF
Pre-print
Language: English
Official URL: http://doi.acm.org/10.1145/2593929.2593945
Abstract
Self-adaptive access control, in which self-* properties are applied to protecting systems, is a promising solution for the handling of malicious user behaviour in complex infrastructures.
A major challenge in self-adaptive access control is ensuring that chosen adaptations are valid, and produce a satisfiable model of access.
The contribution of this paper is the generation, transformation and verification of Role Based Access Control (RBAC) models at run-time, as a means for providing assurances that the adaptations to be deployed are valid.
The goal is to protect the system against insider threats by adapting at run-time the access control policies associated with system resources, and access rights assigned to users.
Depending on the type of attack, and based on the models from the target system and its environment, the adapted access control models need to be evaluated against the RBAC metamodel, and the adaptation constraints related to the application.
The feasibility of the proposed approach has been demonstrated in the context of a fully working prototype using malicious scenarios inspired by a well-documented case of insider attack.
| Item Type: | Conference or workshop item (Paper) |
|---|---|
| DOI/Identification number: | 10.1145/2593929.2593945 |
| Uncontrolled keywords: | adaptive security, model verification, rbac, self-adaptation |
| Subjects: | Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming, |
| Divisions: | Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing; University-wide institutes > Institute of Cyber Security for Society |
| Depositing User: | Rogerio de Lemos |
| Date Deposited: | 16 Sep 2014 23:13 UTC |
| Last Modified: | 09 Mar 2023 11:33 UTC |
| Resource URI: | https://kar.kent.ac.uk/id/eprint/42968 (The current URI for this page, for reference purposes) |