School of Computing

Self-Adaptive Authorization Framework for Policy Based RBAC/ABAC Models

Christopher Bailey, David W. Chadwick, and Rog�rio de Lemos

In Proceedings of the 9th IEEE conference on Dependable, Autonomic and Secure Computing, pages 182-196. IEEE, December 2011 [doi].

Abstract

Authorization systems are an integral part of any network where resources need to be protected. They act as the gateway for providing (or denying) subjects (users) access to resources. As networks expand and organisations start to federate access to their resources, authorization infrastructures become increasingly difficult to manage. In this paper, we explore the potential of self-adaptive authorization as a means to automate the management of the access control configuration. We propose a Self-Adaptive Authorization Framework (SAAF) that is capable of managing any policy based distributed RBAC/ABAC authorization infrastructure. SAAF relies on a feedback control loop to monitor decisions (by policy decision points) of a target authorization infrastructure. These decisions are analysed to form a view of the subjects behaviour to decide whether to adapt the target authorization infrastructure. Adaptations are made in order to either endorse or restrict the identified behaviour, e.g. by loosening or tightening the current authorization policy. We demonstrate in terms of representative scenarios SAAFs ability for detecting abnormal behaviour, such as, misuse of access to system resources, proposing solutions that either prevent/endorse such behaviour, applying a cost function to each of these solutions, and executing the adaptive changes against a target authorization infrastructure.

Download publication 771 kbytes (PDF)

Bibtex Record

@inproceedings{3193,
author = {Christopher Bailey and David W. Chadwick and Rog�rio de Lemos},
title = {{S}elf-{A}daptive {A}uthorization {F}ramework for {P}olicy {B}ased {RBAC}/{ABAC} {M}odels},
month = {December},
year = {2011},
pages = {182-196},
keywords = {determinacy analysis, Craig interpolants},
note = {},
doi = {10.1109/DASC.2011.31},
url = {http://www.cs.kent.ac.uk/pubs/2011/3193},
    publication_type = {inproceedings},
    submission_id = {21558_1324388064},
    booktitle = {Proceedings of the 9th IEEE conference on Dependable, Autonomic and Secure Computing},
    publisher = {IEEE},
}

School of Computing, University of Kent, Canterbury, Kent, CT2 7NF

Enquiries: +44 (0)1227 824180 or contact us.

Last Updated: 21/03/2014