On the notion of redundancy in access control policies
Author: | Mario Arrigoni Neri, Eros Magri, Marco Guarnieri, Simone Mutti |
---|---|
Year of publication: | 2013 |
Subject: | 021110 strategic, defence & security studies; Mathematical optimization; Theoretical computer science; business.industry; Total cost; Heuristic; Computer science; 0211 other engineering and technologies; 020206 networking & telecommunications; Access control; 02 engineering and technology; Security policy; 0202 electrical engineering, electronic engineering, information engineering; Redundancy (engineering); Information system; Anomaly detection; Settore ING-INF/05 - Sistemi di Elaborazione delle Informazioni; business; Heuristics |
Source: | SACMAT |
DOI: | 10.1145/2462410.2462426 |
Description: | The evolution of information systems sees an increasing need for flexible and sophisticated approaches for the automated detection of anomalies in security policies. One of these anomalies is redundancy, which may increase the total cost of management of the policies and may reduce the performance of access control mechanisms and of other anomaly detection techniques. We consider three approaches that can remove redundancy from access control policies, progressively reducing the number of authorizations in the policy itself. We show that several problems associated with redundancy are NP-hard. We propose exact solutions to two of these problems, namely the Minimum Policy Problem, which consists in computing the minimum policy that represents the behaviour of the system, and the Minimum Irreducible Policy Problem, consisting in computing the redundancy-free version of a policy with the smallest number of authorizations. Furthermore, we propose heuristic solutions to those problems. We also present a comparison between the exact and heuristic solutions based on experiments that use policies derived from bibliographical databases. |
Database: | OpenAIRE |