Refactoring Multi-Layered Access Control Policies Through (De)Composition
| Autor: | Matteo Maria Casalino, Romuald Thion |
|---|---|
| Přispěvatelé: | Base de Données (BD), Laboratoire d'InfoRmatique en Image et Systèmes d'information (LIRIS), Institut National des Sciences Appliquées de Lyon (INSA Lyon), Institut National des Sciences Appliquées (INSA)-Université de Lyon-Institut National des Sciences Appliquées (INSA)-Université de Lyon-Centre National de la Recherche Scientifique (CNRS)-Université Claude Bernard Lyon 1 (UCBL), Université de Lyon-École Centrale de Lyon (ECL), Université de Lyon-Université Lumière - Lyon 2 (UL2)-Institut National des Sciences Appliquées de Lyon (INSA Lyon), Université de Lyon-Université Lumière - Lyon 2 (UL2), IEEE |
| Jazyk: | angličtina |
| Rok vydání: | 2013 |
| Předmět: |
Flexibility (engineering)
Computer access control business.industry Semantics (computer science) Computer science Distributed computing 020206 networking & telecommunications Access control 02 engineering and technology computer.software_genre Code refactoring 020204 information systems Server 0202 electrical engineering electronic engineering information engineering Web application [INFO]Computer Science [cs] Isolation (database systems) business computer |
| Zdroj: | International Conference on Network and Service Management (CNSM) International Conference on Network and Service Management (CNSM), Oct 2013, Zürich, Switzerland. pp.243-250, ⟨10.1109/CNSM.2013.6727843⟩ CNSM |
| Popis: | International audience; Policy-based access control is a well-established paradigm for securing layered IT systems. Access control policies, however, often do not focus on dedicated architecture layers, but increasingly employ concepts of multiple layers. Web application servers, for instance, typically support request filtering on the basis of network addresses. The resulting flexibility comes with increased management complexity and the risk of security-relevant misconfiguration when looking at the various policies in isolation. We therefore propose a flexible access control framework able to provide a comprehensive view of the global access control policy implemented in a given system. The focus of this paper is to lay down the theoretical foundations of this framework that allows (i) to describe authorization policies from different architecture layers, (ii) to capture the semantics of dependencies between layers in order to create a composed view of the global policy, and (iii) to decompose the global policy again into a collection of simpler ones by means of algebraic techniques inspired from database normalization theory. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|