ABSTRACT
A high-level security policy states an overall safety requirement for a sensitive task. One example of a high-level security policy is a separation of duty policy, which requires a sensitive task to be performed by a team of at least k users. Recently, Li and Wang [6] proposed an algebra for specifying a wide range of high-level security policies with both qualification and quantity requirements on users who perform a task. In this paper, we study the problem of direct static enforcement of high-level security policies expressed in this algebra. We formally define the notion of a static safety policy, which requires that every set of users together having all permissions needed to complete a sensitive task must contain a subset that satisfies the corresponding security requirement expressed as a term in the algebra. The static safety checking problem asks whether an access control state satisfies a given high-level policy. We study several computational problems related to the static safety checking problem, and design and evaluate an algorithm for solving the problem.
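The static safety notion defined above can be checked directly on a small state by exhaustive search. The following is an added example, not code from the paper or its authors: it encodes a separation of duty requirement as a term over role atoms, and checks whether every user set that together holds all the task's permissions contains a subset satisfying the term. The operator semantics (one-user role atoms, disjoint join, overlapping join, union, intersection), the tuple encoding, the user names, roles and permissions are all assumptions constructed for the example and are a simplified reading of the Li and Wang algebra, not its exact definition.

```python
from itertools import combinations

# Constructed access-control state (not taken from the paper): each user's
# permissions and roles. Roles are the atoms of the policy term.
PERMS = {"alice": {"prepare"}, "bob": {"approve"},
         "carol": {"prepare"}, "dave": {"approve"}}
ROLES = {"alice": {"Clerk"}, "bob": {"Manager"},
         "carol": {"Clerk"}, "dave": {"Manager"}}
TASK = {"prepare", "approve"}   # permissions needed to complete the task

# Policy terms as nested tuples. The operator semantics below are a simplified
# reading of the Li-Wang algebra, assumed for this example:
#   ("role", r)        one user who holds role r
#   ("disjoint", a, b) two disjoint non-empty parts satisfying a and b
#   ("join", a, b)     two non-empty parts, overlap allowed, covering the set
#   ("or", a, b)       the set satisfies a or b
#   ("and", a, b)      the set satisfies both a and b
SOD = ("disjoint", ("role", "Clerk"), ("role", "Manager"))


def subsets(users):
    """All non-empty subsets of a user collection, smallest first."""
    users = sorted(users)
    for k in range(1, len(users) + 1):
        for combo in combinations(users, k):
            yield frozenset(combo)


def satisfies(X, term, roles):
    """Does user set X satisfy the term under the given role assignment?"""
    op = term[0]
    if op == "role":
        return len(X) == 1 and term[1] in roles[next(iter(X))]
    if op == "or":
        return satisfies(X, term[1], roles) or satisfies(X, term[2], roles)
    if op == "and":
        return satisfies(X, term[1], roles) and satisfies(X, term[2], roles)
    if op == "disjoint":
        return any(satisfies(x1, term[1], roles) and satisfies(X - x1, term[2], roles)
                   for x1 in subsets(X) if x1 != X)
    if op == "join":
        return any(satisfies(x1, term[1], roles) and satisfies(x2, term[2], roles)
                   for x1 in subsets(X) for x2 in subsets(X) if x1 | x2 == X)
    raise ValueError(f"unknown operator {op!r}")


def find_violation(perms, roles, task, term):
    """Return a smallest user set that together holds every permission of the
    task but contains no subset satisfying the term; None if the state is
    statically safe. Exhaustive search, exponential in the number of users."""
    for U in subsets(perms):
        covered = set().union(*(perms[u] for u in U))
        if not task <= covered:
            continue
        if not any(satisfies(S, term, roles) for S in subsets(U)):
            return U
    return None


def is_statically_safe(perms, roles, task, term):
    return find_violation(perms, roles, task, term) is None


# Add a user who alone holds both permissions and both roles: the set {eve}
# covers the task but cannot satisfy Clerk (x) Manager, which needs two people.
PERMS_UNSAFE = {**PERMS, "eve": {"prepare", "approve"}}
ROLES_UNSAFE = {**ROLES, "eve": {"Clerk", "Manager"}}

# Qualification can replace quantity: if a lone Auditor is also acceptable and
# eve holds that role, the same state becomes safe again.
POLICY_WITH_AUDITOR = ("or", SOD, ("role", "Auditor"))
ROLES_WITH_AUDITOR = {**ROLES_UNSAFE, "eve": {"Clerk", "Manager", "Auditor"}}

if __name__ == "__main__":
    print(find_violation(PERMS, ROLES, TASK, SOD))                # None
    print(find_violation(PERMS_UNSAFE, ROLES_UNSAFE, TASK, SOD))  # frozenset({'eve'})
    print(find_violation(PERMS_UNSAFE, ROLES_WITH_AUDITOR, TASK,
                         POLICY_WITH_AUDITOR))                    # None
```

The search enumerates every covering user set and every subset of it, which is why the abstract treats static safety checking as a computational problem in its own right rather than something to brute-force; the point of the small state is to make the definition concrete, in particular that a single over-privileged user is the typical witness of a violation.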
REFERENCES
- D. D. Clark and D. R. Wilson. A comparison of commercial and military computer security policies. In Proceedings of the 1987 IEEE Symposium on Security and Privacy, pages 184--194. IEEE Computer Society Press, May 1987.
- S. Foley, L. Gong, and X. Qian. A security model of dynamic labeling providing a tiered approach to verification. In Proceedings of the IEEE Symposium on Research in Security and Privacy, pages 142--153, May 1996.
- S. N. Foley. The specification and implementation of 'commercial' security requirements including dynamic segregation of duties. In Proc. ACM Conference on Computer and Communications Security (CCS), pages 125--134, 1997.
- M. R. Garey and D. S. Johnson. Computers and Intractability: A Guide to the Theory of NP-Completeness. W. H. Freeman and Company, 1979.
- N. Li, Z. Bizri, and M. V. Tripunitara. On mutually-exclusive roles and separation of duty. In Proc. ACM Conference on Computer and Communications Security (CCS), pages 42--51. ACM Press, Oct. 2004.
- N. Li and Q. Wang. Beyond separation of duty: An algebra for specifying high-level security policies. In Proc. ACM Conference on Computer and Communications Security (CCS), Nov. 2006.
- M. J. Nash and K. R. Poland. Some conundrums concerning separation of duty. In Proceedings of the IEEE Symposium on Research in Security and Privacy, pages 201--209, May 1990.
- C. H. Papadimitriou and K. Steiglitz. Combinatorial Optimization. Prentice Hall, 1982.
- J. H. Saltzer and M. D. Schroeder. The protection of information in computer systems. Proceedings of the IEEE, 63(9):1278--1308, September 1975.
- R. Sandhu. Separation of duties in computerized information systems. In Proceedings of the IFIP WG11.3 Workshop on Database Security, Sept. 1990.
- R. S. Sandhu. Transaction control expressions for separation of duties. In Proceedings of the Fourth Annual Computer Security Applications Conference (ACSAC'88), Dec. 1988.
- J. A. Solworth. Approvability. In ASIACCS '06: Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, pages 231--242. ACM Press, 2006.
- Q. Wang and N. Li. Direct static enforcement of high-level security policies. Technical Report CERIAS-TR-2006-40, Center for Education and Research in Information Assurance and Security, Purdue University, Dec. 2006.