TY - GEN
T1 - Managing access control complexity using metrics
AU - Jaeger, Trent
PY - 2001/12/1
Y1 - 2001/12/1
N2 - General access control models enable flexible expression of access control policies, but they make the verification of whether a particular access control configuration is safe (i.e., prevents the leakage of a permission to an unauthorized subject) difficult. The current approach to expressing safety policy in such models is to use constraints. When the constraints are verified, then the configuration is verified to be safe. However, the addition of constraints to an access control configuration significantly increases its complexity, so it quickly becomes difficult to understand the access control policy expressed in the configuration such that future changes can be made correctly. We propose an approach whereby the complexity of each access control configuration is estimated, so the administrators can see the effect of a configuration change on the future ability to maintain the configuration. We identify metrics for making complexity estimates and evaluate these metrics on some constraint examples. Our goal is to enable the use of flexible access control models for safety-critical systems by permitting limited use of constraints that do not complicate the configuration beyond a maintainable complexity.
AB - General access control models enable flexible expression of access control policies, but they make the verification of whether a particular access control configuration is safe (i.e., prevents the leakage of a permission to an unauthorized subject) difficult. The current approach to expressing safety policy in such models is to use constraints. When the constraints are verified, then the configuration is verified to be safe. However, the addition of constraints to an access control configuration significantly increases its complexity, so it quickly becomes difficult to understand the access control policy expressed in the configuration such that future changes can be made correctly. We propose an approach whereby the complexity of each access control configuration is estimated, so the administrators can see the effect of a configuration change on the future ability to maintain the configuration. We identify metrics for making complexity estimates and evaluate these metrics on some constraint examples. Our goal is to enable the use of flexible access control models for safety-critical systems by permitting limited use of constraints that do not complicate the configuration beyond a maintainable complexity.
UR - http://www.scopus.com/inward/record.url?scp=0035790630&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=0035790630&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:0035790630
SN - 1581133502
T3 - Proceedings of Sixth ACM Symposium on Access Control Models and Technologies (SACMAT 2001)
SP - 131
EP - 139
BT - Proceedings of Sixth ACM Symposium on Access Control Models and Technologies (SACMAT 2001)
T2 - Proceedings of the sixth ACM Symposium on Access Control Models and Technologies (SACMAT 2001)
Y2 - 3 May 2001 through 4 May 2001
ER -