Adaptive Reasoning for Context-Sensitive Access Controls

Sara Sartoli; Akbar Siami Namin

doi:10.1109/COMPSAC.2016.45

Adaptive Reasoning for Context-Sensitive Access Controls

Sara Sartoli, Akbar Siami Namin

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

3 Scopus citations

Abstract

Many of the current policy-based management systems implement policies that depend on dynamic operational environment contexts. The existing formal-based approaches for enforcing security policies are mainly expressed using first-order logic. A major drawback of using first-order logic in implementing dynamic policies is that new observations cannot override previously inferred consequences. In fact, a security system whose enterprise policies are implemented using first-order logic is required to have complete access to data in advance in order to be able to perform an informed reasoning and enforce restricting policies. As a major problem, the systems designed based on these first order logic-based approaches are often static, inflexible, and hard to manage and scale. This paper introduces an approach for expressing and enforcing adaptive access control policies dynamically. The paper presents a non-monotonic formal approach based on Answer Set Programming where default policies are explicitly separated from context-dependent and exception policies that often occur in dynamic systems and in particular when the required context data are unavailable ahead of time. The results of presented case study demonstrate the flexibility of the proposed approach compared to the first order logic-based context-sensitive approaches as implemented in Organizational-Based Access Control (ORBAC) model.

Original language	English
Title of host publication	Proceedings - 2016 IEEE 40th Annual Computer Software and Applications Conference, COMPSAC 2016
Editors	William Claycomb, Dejan Milojicic, Ling Liu, Mihhail Matskin, Zhiyong Zhang, Sorel Reisman, Hiroyuki Sato, Zhiyong Zhang, Sheikh Iqbal Ahamed
Publisher	IEEE Computer Society
Pages	481-486
Number of pages	6
ISBN (Electronic)	9781467388450
DOIs	https://doi.org/10.1109/COMPSAC.2016.45
State	Published - Aug 24 2016
Event	2016 IEEE 40th Annual Computer Software and Applications Conference, COMPSAC 2016 - Atlanta, United States Duration: Jun 10 2016 → Jun 14 2016

Publication series

Name	Proceedings - International Computer Software and Applications Conference
Volume	1
ISSN (Print)	0730-3157

Conference

Conference	2016 IEEE 40th Annual Computer Software and Applications Conference, COMPSAC 2016
Country/Territory	United States
City	Atlanta
Period	06/10/16 → 06/14/16

Keywords

Access Control
Adaptive Security Policies
Answer Set Programming
Formal Analysis
Management

Access to Document

10.1109/COMPSAC.2016.45

Cite this

Sartoli, S., & Namin, A. S. (2016). Adaptive Reasoning for Context-Sensitive Access Controls. In W. Claycomb, D. Milojicic, L. Liu, M. Matskin, Z. Zhang, S. Reisman, H. Sato, Z. Zhang, & S. I. Ahamed (Eds.), Proceedings - 2016 IEEE 40th Annual Computer Software and Applications Conference, COMPSAC 2016 (pp. 481-486). Article 7552052 (Proceedings - International Computer Software and Applications Conference; Vol. 1). IEEE Computer Society. https://doi.org/10.1109/COMPSAC.2016.45

Sartoli, Sara ; Namin, Akbar Siami. / Adaptive Reasoning for Context-Sensitive Access Controls. Proceedings - 2016 IEEE 40th Annual Computer Software and Applications Conference, COMPSAC 2016. editor / William Claycomb ; Dejan Milojicic ; Ling Liu ; Mihhail Matskin ; Zhiyong Zhang ; Sorel Reisman ; Hiroyuki Sato ; Zhiyong Zhang ; Sheikh Iqbal Ahamed. IEEE Computer Society, 2016. pp. 481-486 (Proceedings - International Computer Software and Applications Conference).

@inproceedings{c3e19cea51f64a8cbea534e66583cfd7,

title = "Adaptive Reasoning for Context-Sensitive Access Controls",

abstract = "Many of the current policy-based management systems implement policies that depend on dynamic operational environment contexts. The existing formal-based approaches for enforcing security policies are mainly expressed using first-order logic. A major drawback of using first-order logic in implementing dynamic policies is that new observations cannot override previously inferred consequences. In fact, a security system whose enterprise policies are implemented using first-order logic is required to have complete access to data in advance in order to be able to perform an informed reasoning and enforce restricting policies. As a major problem, the systems designed based on these first order logic-based approaches are often static, inflexible, and hard to manage and scale. This paper introduces an approach for expressing and enforcing adaptive access control policies dynamically. The paper presents a non-monotonic formal approach based on Answer Set Programming where default policies are explicitly separated from context-dependent and exception policies that often occur in dynamic systems and in particular when the required context data are unavailable ahead of time. The results of presented case study demonstrate the flexibility of the proposed approach compared to the first order logic-based context-sensitive approaches as implemented in Organizational-Based Access Control (ORBAC) model.",

keywords = "Access Control, Adaptive Security Policies, Answer Set Programming, Formal Analysis, Management",

author = "Sara Sartoli and Namin, {Akbar Siami}",

note = "Publisher Copyright: {\textcopyright} 2016 IEEE.; 2016 IEEE 40th Annual Computer Software and Applications Conference, COMPSAC 2016 ; Conference date: 10-06-2016 Through 14-06-2016",

year = "2016",

month = aug,

day = "24",

doi = "10.1109/COMPSAC.2016.45",

language = "English",

series = "Proceedings - International Computer Software and Applications Conference",

publisher = "IEEE Computer Society",

pages = "481--486",

editor = "William Claycomb and Dejan Milojicic and Ling Liu and Mihhail Matskin and Zhiyong Zhang and Sorel Reisman and Hiroyuki Sato and Zhiyong Zhang and Ahamed, {Sheikh Iqbal}",

booktitle = "Proceedings - 2016 IEEE 40th Annual Computer Software and Applications Conference, COMPSAC 2016",

}

Sartoli, S & Namin, AS 2016, Adaptive Reasoning for Context-Sensitive Access Controls. in W Claycomb, D Milojicic, L Liu, M Matskin, Z Zhang, S Reisman, H Sato, Z Zhang & SI Ahamed (eds), Proceedings - 2016 IEEE 40th Annual Computer Software and Applications Conference, COMPSAC 2016., 7552052, Proceedings - International Computer Software and Applications Conference, vol. 1, IEEE Computer Society, pp. 481-486, 2016 IEEE 40th Annual Computer Software and Applications Conference, COMPSAC 2016, Atlanta, United States, 06/10/16. https://doi.org/10.1109/COMPSAC.2016.45

Adaptive Reasoning for Context-Sensitive Access Controls. / Sartoli, Sara; Namin, Akbar Siami.
Proceedings - 2016 IEEE 40th Annual Computer Software and Applications Conference, COMPSAC 2016. ed. / William Claycomb; Dejan Milojicic; Ling Liu; Mihhail Matskin; Zhiyong Zhang; Sorel Reisman; Hiroyuki Sato; Zhiyong Zhang; Sheikh Iqbal Ahamed. IEEE Computer Society, 2016. p. 481-486 7552052 (Proceedings - International Computer Software and Applications Conference; Vol. 1).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Adaptive Reasoning for Context-Sensitive Access Controls

AU - Sartoli, Sara

AU - Namin, Akbar Siami

PY - 2016/8/24

Y1 - 2016/8/24

N2 - Many of the current policy-based management systems implement policies that depend on dynamic operational environment contexts. The existing formal-based approaches for enforcing security policies are mainly expressed using first-order logic. A major drawback of using first-order logic in implementing dynamic policies is that new observations cannot override previously inferred consequences. In fact, a security system whose enterprise policies are implemented using first-order logic is required to have complete access to data in advance in order to be able to perform an informed reasoning and enforce restricting policies. As a major problem, the systems designed based on these first order logic-based approaches are often static, inflexible, and hard to manage and scale. This paper introduces an approach for expressing and enforcing adaptive access control policies dynamically. The paper presents a non-monotonic formal approach based on Answer Set Programming where default policies are explicitly separated from context-dependent and exception policies that often occur in dynamic systems and in particular when the required context data are unavailable ahead of time. The results of presented case study demonstrate the flexibility of the proposed approach compared to the first order logic-based context-sensitive approaches as implemented in Organizational-Based Access Control (ORBAC) model.

AB - Many of the current policy-based management systems implement policies that depend on dynamic operational environment contexts. The existing formal-based approaches for enforcing security policies are mainly expressed using first-order logic. A major drawback of using first-order logic in implementing dynamic policies is that new observations cannot override previously inferred consequences. In fact, a security system whose enterprise policies are implemented using first-order logic is required to have complete access to data in advance in order to be able to perform an informed reasoning and enforce restricting policies. As a major problem, the systems designed based on these first order logic-based approaches are often static, inflexible, and hard to manage and scale. This paper introduces an approach for expressing and enforcing adaptive access control policies dynamically. The paper presents a non-monotonic formal approach based on Answer Set Programming where default policies are explicitly separated from context-dependent and exception policies that often occur in dynamic systems and in particular when the required context data are unavailable ahead of time. The results of presented case study demonstrate the flexibility of the proposed approach compared to the first order logic-based context-sensitive approaches as implemented in Organizational-Based Access Control (ORBAC) model.

KW - Access Control

KW - Adaptive Security Policies

KW - Answer Set Programming

KW - Formal Analysis

KW - Management

UR - http://www.scopus.com/inward/record.url?scp=84987962225&partnerID=8YFLogxK

U2 - 10.1109/COMPSAC.2016.45

DO - 10.1109/COMPSAC.2016.45

M3 - Conference contribution

AN - SCOPUS:84987962225

T3 - Proceedings - International Computer Software and Applications Conference

SP - 481

EP - 486

BT - Proceedings - 2016 IEEE 40th Annual Computer Software and Applications Conference, COMPSAC 2016

A2 - Claycomb, William

A2 - Milojicic, Dejan

A2 - Liu, Ling

A2 - Matskin, Mihhail

A2 - Zhang, Zhiyong

A2 - Reisman, Sorel

A2 - Sato, Hiroyuki

A2 - Zhang, Zhiyong

A2 - Ahamed, Sheikh Iqbal

PB - IEEE Computer Society

T2 - 2016 IEEE 40th Annual Computer Software and Applications Conference, COMPSAC 2016

Y2 - 10 June 2016 through 14 June 2016

ER -

Sartoli S, Namin AS. Adaptive Reasoning for Context-Sensitive Access Controls. In Claycomb W, Milojicic D, Liu L, Matskin M, Zhang Z, Reisman S, Sato H, Zhang Z, Ahamed SI, editors, Proceedings - 2016 IEEE 40th Annual Computer Software and Applications Conference, COMPSAC 2016. IEEE Computer Society. 2016. p. 481-486. 7552052. (Proceedings - International Computer Software and Applications Conference). doi: 10.1109/COMPSAC.2016.45

Adaptive Reasoning for Context-Sensitive Access Controls

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this