Enforcing security properties in task-Based systems

Keith Irwin; Ting Yu; William H. Winsborough

doi:10.1145/1377836.1377843

Enforcing security properties in task-Based systems

Keith Irwin^*, Ting Yu, William H. Winsborough

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

9 Citations (Scopus)

Abstract

Though a user's privileges are often granted based on the tasks that the user is expected to fulfill, the concept of tasks is usually not explicitly modeled in access control. We propose a system where tasks are the central concept that associates users to privileges. Ideally a user should be able to utilize these privileges and fulfill his tasks, but not to take harmful actions. To ensure this, a system often specifies a high-level security property to restrict the sequence of actions that a user can perform. In this paper, we propose a general model of access control in task-based system. This model considers the permissions a user as well as their temporal availability. Based on this model, we investigate the problem of enforcing security properties both statically (i.e., when tasks are assigned) and dynamically (i.e., when actions are performed). We study the complexity of static enforcement, and design efficient dynamic enforcement algorithms that avoiding unnecessary history tracking.

Original language	English
Title of host publication	SACMAT'08 - Proceedings of the 13th ACM Symposium on Access Control Models and Technologies
Pages	41-50
Number of pages	10
DOIs	https://doi.org/10.1145/1377836.1377843
Publication status	Published - 2008
Externally published	Yes
Event	13th ACM Symposium on Access Control Models and Technologies, SACMAT'08 - Estes Park, CO, United States Duration: 11 Jun 2008 → 13 Jun 2008

Publication series

Name	Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Conference

Conference	13th ACM Symposium on Access Control Models and Technologies, SACMAT'08
Country/Territory	United States
City	Estes Park, CO
Period	11/06/08 → 13/06/08

Keywords

Policy
Security properties
Task-based access control

Access to Document

10.1145/1377836.1377843

Cite this

@inproceedings{3313782a338d477690480e767d127203,

title = "Enforcing security properties in task-Based systems",

abstract = "Though a user's privileges are often granted based on the tasks that the user is expected to fulfill, the concept of tasks is usually not explicitly modeled in access control. We propose a system where tasks are the central concept that associates users to privileges. Ideally a user should be able to utilize these privileges and fulfill his tasks, but not to take harmful actions. To ensure this, a system often specifies a high-level security property to restrict the sequence of actions that a user can perform. In this paper, we propose a general model of access control in task-based system. This model considers the permissions a user as well as their temporal availability. Based on this model, we investigate the problem of enforcing security properties both statically (i.e., when tasks are assigned) and dynamically (i.e., when actions are performed). We study the complexity of static enforcement, and design efficient dynamic enforcement algorithms that avoiding unnecessary history tracking.",

keywords = "Policy, Security properties, Task-based access control",

author = "Keith Irwin and Ting Yu and Winsborough, {William H.}",

year = "2008",

doi = "10.1145/1377836.1377843",

language = "English",

isbn = "9781605581293",

series = "Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT",

pages = "41--50",

booktitle = "SACMAT'08 - Proceedings of the 13th ACM Symposium on Access Control Models and Technologies",

note = "13th ACM Symposium on Access Control Models and Technologies, SACMAT'08 ; Conference date: 11-06-2008 Through 13-06-2008",

}

Irwin, K, Yu, T & Winsborough, WH 2008, Enforcing security properties in task-Based systems. in SACMAT'08 - Proceedings of the 13th ACM Symposium on Access Control Models and Technologies., 1377843, Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT, pp. 41-50, 13th ACM Symposium on Access Control Models and Technologies, SACMAT'08, Estes Park, CO, United States, 11/06/08. https://doi.org/10.1145/1377836.1377843

Enforcing security properties in task-Based systems. / Irwin, Keith; Yu, Ting; Winsborough, William H.
SACMAT'08 - Proceedings of the 13th ACM Symposium on Access Control Models and Technologies. 2008. p. 41-50 1377843 (Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Enforcing security properties in task-Based systems

AU - Irwin, Keith

AU - Yu, Ting

AU - Winsborough, William H.

PY - 2008

Y1 - 2008

N2 - Though a user's privileges are often granted based on the tasks that the user is expected to fulfill, the concept of tasks is usually not explicitly modeled in access control. We propose a system where tasks are the central concept that associates users to privileges. Ideally a user should be able to utilize these privileges and fulfill his tasks, but not to take harmful actions. To ensure this, a system often specifies a high-level security property to restrict the sequence of actions that a user can perform. In this paper, we propose a general model of access control in task-based system. This model considers the permissions a user as well as their temporal availability. Based on this model, we investigate the problem of enforcing security properties both statically (i.e., when tasks are assigned) and dynamically (i.e., when actions are performed). We study the complexity of static enforcement, and design efficient dynamic enforcement algorithms that avoiding unnecessary history tracking.

AB - Though a user's privileges are often granted based on the tasks that the user is expected to fulfill, the concept of tasks is usually not explicitly modeled in access control. We propose a system where tasks are the central concept that associates users to privileges. Ideally a user should be able to utilize these privileges and fulfill his tasks, but not to take harmful actions. To ensure this, a system often specifies a high-level security property to restrict the sequence of actions that a user can perform. In this paper, we propose a general model of access control in task-based system. This model considers the permissions a user as well as their temporal availability. Based on this model, we investigate the problem of enforcing security properties both statically (i.e., when tasks are assigned) and dynamically (i.e., when actions are performed). We study the complexity of static enforcement, and design efficient dynamic enforcement algorithms that avoiding unnecessary history tracking.

KW - Policy

KW - Security properties

KW - Task-based access control

UR - http://www.scopus.com/inward/record.url?scp=57349200518&partnerID=8YFLogxK

U2 - 10.1145/1377836.1377843

DO - 10.1145/1377836.1377843

M3 - Conference contribution

AN - SCOPUS:57349200518

SN - 9781605581293

T3 - Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

SP - 41

EP - 50

BT - SACMAT'08 - Proceedings of the 13th ACM Symposium on Access Control Models and Technologies

T2 - 13th ACM Symposium on Access Control Models and Technologies, SACMAT'08

Y2 - 11 June 2008 through 13 June 2008

ER -

Enforcing security properties in task-Based systems

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this