A comprehensive approach to the automatic refinement and verification of access control policies. Issue 80 (January 2019)
- Record Type:
- Journal Article
- Title:
- A comprehensive approach to the automatic refinement and verification of access control policies. Issue 80 (January 2019)
- Main Title:
- A comprehensive approach to the automatic refinement and verification of access control policies
- Authors:
- Cheminod, Manuel
Durante, Luca
Seno, Lucia
Valenza, Fulvio
Valenzano, Adriano - Abstract:
- Abstract: Access control is one of the building blocks of network security and is often managed by network administrators through the definition of sets of high-level policies meant to regulate network behavior (policy-based management). In this scenario, policy refinement and verification are important processes that have to be dealt with carefully, possibly relaying on computer-aided automated software tools. This paper presents a comprehensive approach for access control policy refinement, verification and, in case errors are detected in the policy implementation, their fixing. The proposed methodology is based on a twofold model able to describe both policies and system configurations and allows, by suitably processing the model, to either propose a system configuration that correctly enforces the policies, or determine whether a specific implementation matches the policy specification also providing hints on how possible anomalies can be fixed. Results on the average complexity of the solution confirm its feasibility in terms of computation time, even for complex networked systems consisting of several hundred nodes.
- Is Part Of:
- Computers & security. Issue 80(2019)
- Journal:
- Computers & security
- Issue:
- Issue 80(2019)
- Issue Display:
- Volume 80, Issue 80 (2019)
- Year:
- 2019
- Volume:
- 80
- Issue:
- 80
- Issue Sort Value:
- 2019-0080-0080-0000
- Page Start:
- 186
- Page End:
- 199
- Publication Date:
- 2019-01
- Subjects:
- Access control -- Policy-based network management -- Policy refinement -- Policy verification
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.cose.2018.09.013 ↗
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 8476.xml