Optimization of Access Control Policies
نویسندگان
چکیده
Organizations undertake complex and costly projects to model high-quality Access Control Policies (ACPs). Once built, these policies must be maintained managed in an ongoing process keep their quality high. Insufficient maintenance leads inaccurate authorization decisions increases the policies’ administrative effort susceptibility errors. While initial modeling of ACPs has received significant research interest, optimization is not yet covered as broadly. This work provides a theoretical foundation for ACP its optimization. Furthermore, it analyzes how existing addresses with regard six crucial dimensions. It presents structured literature survey tracing dimensions, contributed artifact data requirements. Building on this catalogue, elaborates inaccuracies user permission assignments, availability, minimal perturbation recommendation-based • Derivation based 16 well-established criteria. Literature objectives. Discussion findings
منابع مشابه
Access Control Policies and Languages Access Control Policies and Languages
Access control is the process of mediating every request to data and services maintained by a system and determining whether the request should be granted or denied. Expressiveness and flexibility are top requirements for an access control system together with, and usually in conflict with, simplicity and efficiency. In this paper, we discuss the main desiderata for access control systems and i...
متن کاملDatabase Access Control Policies
As organizations increase their dependence on database systems for daily business, they become more vulnerable to security breaches even as they gain productivity and efficiency advantages. A truly comprehensive approach for data protection must include mechanisms for enforcing access control policies based on data contents, subject qualifications and characteristics. The database security comm...
متن کاملTesting Access Control Policies
As software systems become more and more complex, and are deployed to manage a large amount of sensitive information and resources, specifying and managing correct access control policies is critical and yet challenging. Policy testing is an important means to increasing confidence in the correctness of specified policies and their implementations for access control. There are two types of poli...
متن کاملAn automatic test case generator for evaluating implementation of access control policies
One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more relia...
متن کاملRewriting-Based Access Control Policies
In this paper we propose a formalization of access control policies based on term rewriting. The state of the system to which policies are enforced is represented as an algebraic term, what allows to model many aspects of the policy environment. Policies are represented as sets of rewrite rules, whose evaluation produces deterministic authorization decisions. We discuss the relation between pro...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Journal of information security and applications
سال: 2022
ISSN: ['2214-2134', '2214-2126']
DOI: https://doi.org/10.1016/j.jisa.2022.103301