TY - GEN
T1 - Managing access control policies using access control spaces
AU - Jaeger, Trent
AU - Edwards, Antony
AU - Zhang, Xiaolan
PY - 2002
Y1 - 2002
N2 - We present the concept of an access control space and investigate how it may be useful in managing access control policies. An access control space represents the permission assignment state of a subject. We identify subspaces that have meaningful semantics. For example, the set permissions explicitly assigned to a subject defines its specified subspace, and constraints define the prohibited subspace. In analyzing these subspaces, we identify two problems: (1) often a significant portion of the access control space has unknown assignment semantics, meaning that it is not defined whether an assignment in this space should be permitted or not, and (2) often high-level assignments and constraints that are easily understood result in conflicts where permissions are both specified and prohibited. To solve these problems, we have developed a tool, called Gokyo, that enables definition and analysis of access control spaces. Gokyo computes the unknown subspace to show system administrators the ambiguous region and enable them to reduce it. Gokyo identifies conflicting subspaces and enables system administrators to handle subspaces as exceptions, if desired. We demonstrate the utility of Gokyo by analyzing a web server policy example.
AB - We present the concept of an access control space and investigate how it may be useful in managing access control policies. An access control space represents the permission assignment state of a subject. We identify subspaces that have meaningful semantics. For example, the set permissions explicitly assigned to a subject defines its specified subspace, and constraints define the prohibited subspace. In analyzing these subspaces, we identify two problems: (1) often a significant portion of the access control space has unknown assignment semantics, meaning that it is not defined whether an assignment in this space should be permitted or not, and (2) often high-level assignments and constraints that are easily understood result in conflicts where permissions are both specified and prohibited. To solve these problems, we have developed a tool, called Gokyo, that enables definition and analysis of access control spaces. Gokyo computes the unknown subspace to show system administrators the ambiguous region and enable them to reduce it. Gokyo identifies conflicting subspaces and enables system administrators to handle subspaces as exceptions, if desired. We demonstrate the utility of Gokyo by analyzing a web server policy example.
UR - https://www.scopus.com/pages/publications/0242540396
UR - https://www.scopus.com/pages/publications/0242540396#tab=citedBy
U2 - 10.1145/507711.507713
DO - 10.1145/507711.507713
M3 - Conference contribution
AN - SCOPUS:0242540396
T3 - Proceedings of ACM Symposium on Access Control Models and Technologies (SACMAT 2002)
SP - 3
EP - 12
BT - Proceedings of Seventh ACM Symposium on Access Control Models and Technologies (SACMAT 2002)
PB - Association for Computing Machinery (ACM)
T2 - 7th ACM Symposium on Access Control Models and Technologies, SACMAT 2002
Y2 - 3 June 2002 through 4 June 2002
ER -