The evolution of information systems sees an increasing need of flexible and sophisticated approaches for the automated detection of anomalies in security policies. One of these anomalies is redundancy, which may increase the total cost of management of the policies and may reduce the performance of access control mechanisms and of other anomaly detection techniques. We consider three approaches that can remove redundancy from access control policies, progressively reducing the number of authorizations in the policy itself. We show that several problems associated with redundancy are NP-hard. We propose exact solutions to two of these problems, namely the Minimum Policy Problem, which consists in computing the minimum policy that represents the behaviour of the system, and the Minimum Irreducible Policy Problem, consisting in computing the redundancy-free version of a policy with the smallest number of authorizations. Furthermore we propose heuristic solutions to those problems. We also present a comparison between the exact and heuristics solutions based on experiments that use policies derived from bibliographical databases.

(2013). On the Notion of Redundancy in Access Control Policies [conference presentation - intervento a convegno]. Retrieved from http://hdl.handle.net/10446/30190

On the Notion of Redundancy in Access Control Policies

GUARNIERI, Marco;ARRIGONI NERI, Mario;MAGRI, Eros;MUTTI, Simone
2013-01-01

Abstract

The evolution of information systems sees an increasing need of flexible and sophisticated approaches for the automated detection of anomalies in security policies. One of these anomalies is redundancy, which may increase the total cost of management of the policies and may reduce the performance of access control mechanisms and of other anomaly detection techniques. We consider three approaches that can remove redundancy from access control policies, progressively reducing the number of authorizations in the policy itself. We show that several problems associated with redundancy are NP-hard. We propose exact solutions to two of these problems, namely the Minimum Policy Problem, which consists in computing the minimum policy that represents the behaviour of the system, and the Minimum Irreducible Policy Problem, consisting in computing the redundancy-free version of a policy with the smallest number of authorizations. Furthermore we propose heuristic solutions to those problems. We also present a comparison between the exact and heuristics solutions based on experiments that use policies derived from bibliographical databases.
[email protected]
2-s2.0-84883121388
2013
Inglese
18th ACM Symposium on Access Control Models and Technologies, SACMAT '13, Amsterdam, The Netherlands, June 12-14, 2013
Mauro Conti, Jaideep Vaidya, Andreas Schaad
978-1-4503-1950-8
161
172
cartaceo
New York, NY USA
ACM
ACM SACMAT 2013 - 18th ACM Symposium on Access Control Models and Thecnologies
18th
Amsterdam, The Neatherlands
June 12-14, 2013
internazionale
contributo
Settore ING-INF/05 - Sistemi di Elaborazione delle Informazioni
info:eu-repo/semantics/conferenceObject
4
Guarnieri, Marco; ARRIGONI NERI, Mario; Magri, Eros; Mutti, Simone
1.4 Contributi in atti di convegno - Contributions in conference proceedings::1.4.01 Contributi in atti di convegno - Conference presentations
none
no full text
273
(2013). On the Notion of Redundancy in Access Control Policies [conference presentation - intervento a convegno]. Retrieved from http://hdl.handle.net/10446/30190
File allegato/i alla scheda:
Non ci sono file allegati a questa scheda.
Pubblicazioni consigliate

Aisberg ©2008 Servizi bibliotecari, Università degli studi di Bergamo | Terms of use/Condizioni di utilizzo

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/10446/30190
Citazioni
  • Scopus 11
  • ???jsp.display-item.citation.isi??? ND
social impact