Detection of Multiple-Duty-Related Security Leakage in Access Control Policies
Access control mechanisms control which subjects (such as users or processes) have access to which resources. To facilitate managing access control, policy authors increasingly write access control policies in XACML. Access control policies written in XACML could be amenable to multiple-duty-related security leakage, which grants unauthorized access to a user when the user takes multiple duties (e.g., multiple roles in role-based access control policies). To help policy authors detect multipleduty-related security leakage, we develop a novel framework that analyzes policies and detects cases that potentially cause the leakage. In such cases, a user taking multiple roles (e.g., both T1 and T2) is given a different access decision from the decision given to a user taking an individual role (e.g., T1 and T2, respectively). We conduct experiments on 11 XACML policies and our empirical results show that our framework effectively pinpoints potential multiple-duty-related security leakage for policy authors to inspect.
Validation Policy Verification Access Control Policies
JeeHyun Hwang Tao Xie Vincent C. Hu
Department of Computer Science, North Carolina State University, Raleigh, NC 27695-8206 Computer Security Division, National Institute of Standards and Technology, Gaithersburg,MD 20899-89
国际会议
上海
英文
65-74
2009-07-08(万方平台首次上网日期,不代表论文的发表时间)