Enforcing security properties in task-Based systems

Keith Irwin, Ting Yu, William H. Winsborough

Research output: Chapter in Book/Report/Conference proceedingConference contribution

8 Citations (Scopus)

Abstract

Though a user's privileges are often granted based on the tasks that the user is expected to fulfill, the concept of tasks is usually not explicitly modeled in access control. We propose a system where tasks are the central concept that associates users to privileges. Ideally a user should be able to utilize these privileges and fulfill his tasks, but not to take harmful actions. To ensure this, a system often specifies a high-level security property to restrict the sequence of actions that a user can perform. In this paper, we propose a general model of access control in task-based system. This model considers the permissions a user as well as their temporal availability. Based on this model, we investigate the problem of enforcing security properties both statically (i.e., when tasks are assigned) and dynamically (i.e., when actions are performed). We study the complexity of static enforcement, and design efficient dynamic enforcement algorithms that avoiding unnecessary history tracking.

Original languageEnglish
Title of host publicationProceedings of ACM Symposium on Access Control Models and Technologies, SACMAT
Pages41-50
Number of pages10
DOIs
Publication statusPublished - 15 Dec 2008
Externally publishedYes
Event13th ACM Symposium on Access Control Models and Technologies, SACMAT'08 - Estes Park, CO, United States
Duration: 11 Jun 200813 Jun 2008

Other

Other13th ACM Symposium on Access Control Models and Technologies, SACMAT'08
CountryUnited States
CityEstes Park, CO
Period11/6/0813/6/08

Fingerprint

Access control
Availability

Keywords

  • Policy
  • Security properties
  • Task-based access control

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Information Systems

Cite this

Irwin, K., Yu, T., & Winsborough, W. H. (2008). Enforcing security properties in task-Based systems. In Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT (pp. 41-50). [1377843] https://doi.org/10.1145/1377836.1377843

Enforcing security properties in task-Based systems. / Irwin, Keith; Yu, Ting; Winsborough, William H.

Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT. 2008. p. 41-50 1377843.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Irwin, K, Yu, T & Winsborough, WH 2008, Enforcing security properties in task-Based systems. in Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT., 1377843, pp. 41-50, 13th ACM Symposium on Access Control Models and Technologies, SACMAT'08, Estes Park, CO, United States, 11/6/08. https://doi.org/10.1145/1377836.1377843
Irwin K, Yu T, Winsborough WH. Enforcing security properties in task-Based systems. In Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT. 2008. p. 41-50. 1377843 https://doi.org/10.1145/1377836.1377843
Irwin, Keith ; Yu, Ting ; Winsborough, William H. / Enforcing security properties in task-Based systems. Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT. 2008. pp. 41-50
@inproceedings{d594a9c685284de7a8752530be89060c,
title = "Enforcing security properties in task-Based systems",
abstract = "Though a user's privileges are often granted based on the tasks that the user is expected to fulfill, the concept of tasks is usually not explicitly modeled in access control. We propose a system where tasks are the central concept that associates users to privileges. Ideally a user should be able to utilize these privileges and fulfill his tasks, but not to take harmful actions. To ensure this, a system often specifies a high-level security property to restrict the sequence of actions that a user can perform. In this paper, we propose a general model of access control in task-based system. This model considers the permissions a user as well as their temporal availability. Based on this model, we investigate the problem of enforcing security properties both statically (i.e., when tasks are assigned) and dynamically (i.e., when actions are performed). We study the complexity of static enforcement, and design efficient dynamic enforcement algorithms that avoiding unnecessary history tracking.",
keywords = "Policy, Security properties, Task-based access control",
author = "Keith Irwin and Ting Yu and Winsborough, {William H.}",
year = "2008",
month = "12",
day = "15",
doi = "10.1145/1377836.1377843",
language = "English",
isbn = "9781605581293",
pages = "41--50",
booktitle = "Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT",

}

TY - GEN

T1 - Enforcing security properties in task-Based systems

AU - Irwin, Keith

AU - Yu, Ting

AU - Winsborough, William H.

PY - 2008/12/15

Y1 - 2008/12/15

N2 - Though a user's privileges are often granted based on the tasks that the user is expected to fulfill, the concept of tasks is usually not explicitly modeled in access control. We propose a system where tasks are the central concept that associates users to privileges. Ideally a user should be able to utilize these privileges and fulfill his tasks, but not to take harmful actions. To ensure this, a system often specifies a high-level security property to restrict the sequence of actions that a user can perform. In this paper, we propose a general model of access control in task-based system. This model considers the permissions a user as well as their temporal availability. Based on this model, we investigate the problem of enforcing security properties both statically (i.e., when tasks are assigned) and dynamically (i.e., when actions are performed). We study the complexity of static enforcement, and design efficient dynamic enforcement algorithms that avoiding unnecessary history tracking.

AB - Though a user's privileges are often granted based on the tasks that the user is expected to fulfill, the concept of tasks is usually not explicitly modeled in access control. We propose a system where tasks are the central concept that associates users to privileges. Ideally a user should be able to utilize these privileges and fulfill his tasks, but not to take harmful actions. To ensure this, a system often specifies a high-level security property to restrict the sequence of actions that a user can perform. In this paper, we propose a general model of access control in task-based system. This model considers the permissions a user as well as their temporal availability. Based on this model, we investigate the problem of enforcing security properties both statically (i.e., when tasks are assigned) and dynamically (i.e., when actions are performed). We study the complexity of static enforcement, and design efficient dynamic enforcement algorithms that avoiding unnecessary history tracking.

KW - Policy

KW - Security properties

KW - Task-based access control

UR - http://www.scopus.com/inward/record.url?scp=57349200518&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=57349200518&partnerID=8YFLogxK

U2 - 10.1145/1377836.1377843

DO - 10.1145/1377836.1377843

M3 - Conference contribution

AN - SCOPUS:57349200518

SN - 9781605581293

SP - 41

EP - 50

BT - Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

ER -