ABSTRACT
This panel will address the following question. Does an increase in the granularity of access control systems produce a measurable reduction in risk and help meet the goals of the organization, or is the cost prohibitively high?
After decades of access control research, products, and practice, there has been a trend towards more complex access control policies and models that more finely restrict (or allow) access to resources. This allows policy administrators to specify more closely any high-level abstract policy they may have in mind, or to accurately enforce regulations such as HIPAA, SOX, or PCI. The end goal is to allow only those actions that are desirable in hindsight, an approach that Bishop et al. refer to as the Oracle Policy.
As the expressive power of access control models can vary, an administrator may need a more powerful model to specify the high-level policy they need for their particular application. It is not uncommon for new models to add new key attributes, data sources, features, or relations to provide a richer set of tools. This has resulted in an explosion of new one-off models in the literature, few of which make their way to real products or deployment.
To increase the expressive power of a model, increase its granularity, reduce the complexity of administration, and answer desirable security queries such as safety, a plethora of new concepts have been added to access control models. To name a few: groups and roles; hierarchies and constraints; parameterized permissions; exceptions; time and location of users and resources; relationships between subjects; attributes of subjects, objects, and actions; information flow; conflict of interest classes; obligations; trust, benefit, and risk; workflows; delegation; situational awareness and context; and so on.
All of these constructs build to a meta-model, as Barker observes.
This granularity has resulted in many novel and useful findings, new algorithms, and challenging open research issues, but poses potential problems as well. With granularity often comes complexity, which manifests itself in specifying policies, managing and maintaining policies over time, and auditing logs to ensure compliance.
This panel will discuss issues surrounding the problem of complexity in access control: designing and specifying new models, designing enforcement mechanisms on real-world systems, the policy lifecycle, and the role of analytics, from automatically generating policies to auditing logs. So, is this complexity worth it? Does increasing the granularity produce a measurable reduction in the risk to sensitive resources and protect the goals of the organization, or is the cost prohibitively high?
Can we ever truly specify a "correct" and "complete" policy, which may be too dynamic and require the interpretation of the courts to decide, especially when policies are intended to enforce ambiguous regulations? Finally, at what cost should we strive for a perfect, fine-grained policy? Should more resources be placed on recovery from security breaches than on prevention? Should we be "going for mean time to repair equals zero rather than mean time between failure equals infinity"?
- S. Barker. The next 700 access control models or a unifying meta-model? In SACMAT, pages 187--196, 2009.
- M. Bishop, S. Engle, D. Frincke, C. Gates, F. Greitzer, S. Peisert, and S. Whalen. A risk management approach to the "insider threat". In C. W. Probst, J. Hunker, D. Gollmann, and M. Bishop, editors, Insider Threats in Cyber Security, volume 49 of Advances in Information Security, pages 115--137. Springer US, 2010.
- G. McGraw. Silver bullet speaks with Dan Geer. Security Privacy, IEEE, 4(4):10--13, 2006.
- M. V. Tripunitara and N. Li. A Theory for Comparing the Expressive Power of Access Control Models. Journal of Computer Security, 15:231--272, 2007.
Index Terms
- Panel on granularity in access control