Enforcing security properties in task-Based systems

Keith Irwin, Ting Yu, William H. Winsborough

Research output: Chapter in Book/Report/Conference proceedingConference contribution

8 Citations (Scopus)

Abstract

Though a user's privileges are often granted based on the tasks that the user is expected to fulfill, the concept of tasks is usually not explicitly modeled in access control. We propose a system where tasks are the central concept that associates users to privileges. Ideally a user should be able to utilize these privileges and fulfill his tasks, but not to take harmful actions. To ensure this, a system often specifies a high-level security property to restrict the sequence of actions that a user can perform. In this paper, we propose a general model of access control in task-based system. This model considers the permissions a user as well as their temporal availability. Based on this model, we investigate the problem of enforcing security properties both statically (i.e., when tasks are assigned) and dynamically (i.e., when actions are performed). We study the complexity of static enforcement, and design efficient dynamic enforcement algorithms that avoiding unnecessary history tracking.

Original languageEnglish
Title of host publicationSACMAT'08 - Proceedings of the 13th ACM Symposium on Access Control Models and Technologies
Pages41-50
Number of pages10
DOIs
Publication statusPublished - 15 Dec 2008
Event13th ACM Symposium on Access Control Models and Technologies, SACMAT'08 - Estes Park, CO, United States
Duration: 11 Jun 200813 Jun 2008

Publication series

NameProceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Other

Other13th ACM Symposium on Access Control Models and Technologies, SACMAT'08
CountryUnited States
CityEstes Park, CO
Period11/6/0813/6/08

    Fingerprint

Keywords

  • Policy
  • Security properties
  • Task-based access control

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Information Systems

Cite this

Irwin, K., Yu, T., & Winsborough, W. H. (2008). Enforcing security properties in task-Based systems. In SACMAT'08 - Proceedings of the 13th ACM Symposium on Access Control Models and Technologies (pp. 41-50). [1377843] (Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT). https://doi.org/10.1145/1377836.1377843