<p>Zero Trust is an approach allowing for increased security by providing an object or a subject with the three CIA (Confidentiality, Integrity, Availability) security aspects. To comply with the CIA criteria, access control models need to support functionalities such as: a) safer permission grant and authorization processes, b) policy decision delivery to single or multiple users, and c) policy decision delivery to single or multiple actions or objects. In addition, we need to consider redundancy, conflict detection, different types of permissions to delegate, delegation, and the separation of duties (SoD) with different types. Extensive literature exists with respect to delegation operations on access control models, but most of them do not consider redundancy or partial conflict detection with regard to the standard policies. We address the positive and negative policies resolution as a precursor to the delegation request resolution. We address the resolutions in context of the standard policies that allow or deny an action on the object to a single or multiple subjects. We provide an analysis via multiple case studies using a Python implementation of the HPol (Hierarchical Policy) model. Our analysis demonstrates the ability of the HPol model to handle access control resolution issues discussed, with proof of results in context of the positive and negative (YES &amp; NO) policy requests.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Graph-based formal modeling and implementation of access control policies with automated conflict and redundancy detection

  • Azan Hamad Alkhorem,
  • Daniel Conte de Leon,
  • Ananth A. Jillepalli,
  • Jia Song

摘要

Zero Trust is an approach allowing for increased security by providing an object or a subject with the three CIA (Confidentiality, Integrity, Availability) security aspects. To comply with the CIA criteria, access control models need to support functionalities such as: a) safer permission grant and authorization processes, b) policy decision delivery to single or multiple users, and c) policy decision delivery to single or multiple actions or objects. In addition, we need to consider redundancy, conflict detection, different types of permissions to delegate, delegation, and the separation of duties (SoD) with different types. Extensive literature exists with respect to delegation operations on access control models, but most of them do not consider redundancy or partial conflict detection with regard to the standard policies. We address the positive and negative policies resolution as a precursor to the delegation request resolution. We address the resolutions in context of the standard policies that allow or deny an action on the object to a single or multiple subjects. We provide an analysis via multiple case studies using a Python implementation of the HPol (Hierarchical Policy) model. Our analysis demonstrates the ability of the HPol model to handle access control resolution issues discussed, with proof of results in context of the positive and negative (YES & NO) policy requests.