Fig 6 - uploaded by Elisa Bertino
Top-level syntax of predicate function definition.  

Source publication
Article
Policy-based management (PBM) has been considered as a promising approach for design and enforcement of access management policies for distributed systems. The increasing shift toward federated information sharing in the organizational landscape, however, calls for revisiting current PBM approaches to satisfy the unique security requirements of the...

Context in source publication

Context 1
... predicate functions. A set of available predicate functions is defined through the use of an XML Predicate Function Definition (XPredFuncDef). The predicate definitions must be imported by a domain (using XML namespaces) before using a predicate function in an assignment rule. The top-level X-Grammar syntax of an XPredFuncDef sheet is shown in Fig. ...

Citations

... Similarly, [13] convert results from business process execution language-based processes into a role-based access control (RBAC) state [15]. Bhatti [16] specifically focuses on the detection of security policies, such as separation of duty (SOD) policies. However, SOD policies only represent a small portion of the policies required in IAM systems. ...
... For the authorization policy mining, we facilitate available algorithms (like those proposed at [16,18,21]). These algorithms operate on different types of data, e.g. ...
Article
Due to compliance and IT security requirements, company-wide identity and access management within organizations has gained significant importance in research and practice over the last years. Companies aim at standardizing user management policies in order to reduce administrative overhead and strengthen IT security. These policies provide the foundation for every identity and access management system no matter if poured into IT systems or only located within responsible identity and access management (IAM) engineers’ mind. Despite its relevance, hardly any supportive means for the automated detection and refinement as well as management of policies are available. As a result, policies outdate over time, leading to security vulnerabilities and inefficiencies. Existing research mainly focuses on policy detection and enforcement without providing the required guidance for policy management nor necessary instruments to enable policy adaptability for today’s dynamic IAM. This paper closes the existing gap by proposing a dynamic policy management process which structures the activities required for policy management in identity and access management environments. In contrast to current approaches, it utilizes the consideration of contextual user management data and key performance indicators for policy detection and refinement and offers result visualization techniques that foster human understanding. In order to underline its applicability, this paper provides an evaluation based on real-life data from a large industrial company.
... 2). Policy engineering deals with the top-down extraction of policies from business processes or workflows [2,5], optionally based on security policy templates as shown in [41]. Authors agree that the policy notation used during policy development [47] and the provided tool-support [46] are critical success factors for policy engineering. ...
Conference Paper
Efficient and secure management of access to resources is a crucial challenge in today's corporate IT environments. During the last years, introducing company-wide Identity and Access Management (IAM) infrastructures building on the Role-based Access Control (RBAC) paradigm has become the de facto standard for granting and revoking access to resources. Due to its static nature, the management of role-based IAM structures, however, leads to increased administrative efforts and is not able to model dynamic business structures. As a result, introducing dynamic attribute-based access privilege provisioning and revocation is currently seen as the next maturity level of IAM. Nevertheless, up to now no structured process for incorporating Attribute-based Access Control (ABAC) policies into static IAM has been proposed. This paper closes the existing research gap by introducing a novel migration guide for extending static IAM systems with dynamic ABAC policies. By means of conducting structured and tool-supported attribute and policy management activities, the migration guide supports organizations to distribute privilege assignments in an application-independent and flexible manner. In order to show its feasibility, we provide a naturalistic evaluation based on two real-world industry use cases.
... Further, in our work, we represent spatial information as spatial constraint which can be attached to any role already existing in an access control policy. Our work is also close to [15], in which constraints on role activation are specified using an XML based grammar. In this work, constraints are defined as temporal and non-temporal, where spatial constraints are defined as the latter. ...
... In this work, constraints are defined as temporal and non-temporal, where spatial constraints are defined as the latter. However, [15] does not exploit the relationship between locations and roles based on spatial relations. ...
Article
Security and privacy of complex systems is a concern due to proliferation of cyber based technologies. Several researchers have pointed out that for the proper enforcement of privacy rules in a complex system, the privacy requirements should be captured in access control systems. In this paper, we present a framework for composition and enforcement of context-aware rules for such systems. The focus of this paper is the design of a system to allow a user (not a system or security administrator) to compose conflict free access control policies for his or her on-line assets. An additional requirement in this case is that such a policy be context-aware. We also present a methodology for verifying the privacy rules to ensure correctness and logical consistency. The verification process is also used to ensure that sensitive security requirements are not violated when privacy rules are enforced.
... Similarly, [11] convert results from Business Process Execution Language-based processes into an RBAC state [13]. Bhatti [14] specifically focuses on the detection of security policies, such as separation of duty (SOD) policies. However, SOD policies only represent a small portion of the policies required in IAM systems. ...
Conference Paper
Due to compliance and IT security requirements, company-wide Identity and Access Management within organizations has gained significant importance in research and practice over the last years. Companies aim at standardizing user management policies in order to reduce administrative overhead and strengthen IT security. Despite its relevance, hardly any supportive means for the automated detection and refinement as well as management of policies are available. As a result, policies outdate over time, leading to security vulnerabilities and inefficiencies. Existing research mainly focuses on policy detection without providing the required guidance for policy management. This paper closes the existing gap by proposing a Dynamic Policy Management Process which structures the activities required for policy management in Identity and Access Management environments. In contrast to current approaches it fosters the consideration of contextual user management data for policy detection and refinement and offers result visualization techniques that foster human understanding. In order to underline its applicability, this paper provides a naturalistic evaluation based on real-life data from a large industrial company.
... Policy based management has emerged as one of the most promising mechanisms for managing a wide range of heterogeneous autonomous resources both in cyber and physical spaces [7]. The reasons being that the policies are architecture neutral; their composition and enforcement can be decentralized; are attribute based and can include contextual constraints [10]. The constraints, attributes and context provide a generalized formalism for managing a broad range of heterogeneous resources such as schedulers, load balancers and firewalls. ...
Conference Paper
The objective of this paper is to present major challenges and a framework for modeling and managing context-aware policy-driven Cyber Infrastructure-Based Systems (CIBS). With the growing reliance on Cyber technology providing solutions for a broad range of CIBS applications, comes the high assurance challenges in terms of reliability, trustworthiness and vulnerabilities. The paper proposes a development framework to allow dynamic reconfigurability of CIBS components under various contexts to achieve a desired degree of assurance.
... For example, Organisational Based Access Control (OrBAC) [15] is an access control policy model that is explicitly designed to allow management policies to be applied in a multi-organisational setting. X-FEDERATE [7] goes one step further in that it incorporates a policy language, a UML-based meta-model and enforcement architecture, and a common policy authoring process designed to help administrators from related organisations to arrive at mutually interoperable management system configurations. Whilst these and similar works are promising they are limited to access control, and do not address wider federation challenge, including, as outlined in this paper the use of federation techniques to integrate or coordinate the behaviour of network-level self-management processes. ...
Article
As it has evolved, the Internet has had to support a broadening range of networking technologies, business models and user interaction modes. Researchers and industry practitioners have realised that this trend necessitates a fundamental rethinking of approaches to network and service management. This has spurred significant research efforts towards developing autonomic network management solutions incorporating distributed self-management processes inspired by biological systems. Whilst significant advances have been made, most solutions focus on management of single network domains and the optimisation of specific management or control processes therein. In this paper we argue that a networking infrastructure providing a myriad of loosely coupled services must inherently support federation of network domains and facilitate coordination of the operation of various management processes for mutual benefit. To this end, we outline a framework for federated management that facilitates the coordination of the behaviour of bio-inspired management processes. Using a case study relating to distribution of IPTV content, we describe how Federal Relationship Managers realising our layered model of management federations can communicate to manage service provision across multiple application/storage/network providers. We outline an illustrative example in which storage providers are dynamically added to a federation to accommodate demand spikes, with appropriate content being migrated to those providers servers under control of a bio-inspired replication process.
... There are various extensions of GTRBAC, including [9] and [10]. Bhatti et al. proposed X-FEDERATE [11], X-GTRBAC [12], X-GTRBAC Admin [13], which are representations of GTRBAC model in XML language. Despite the applicability in multi-domain environments, GTRBAC does not include location and mobility constraints. ...
Article
We present XFPM-RBAC (XML-based formal policy language for mobility with role-based access control), an XML-based specification language for specification of domain and interdomain security policies with location and mobility constraints based on role-based access control. XFPM-RBAC supports specification of locations, mobility, interdomain access rights, role mapping, and separation of duty (SOD) aspects of security policies. XFPM-RBAC builds upon the FPM-RBAC security policy model that we have recently proposed. XFPM-RBAC consists of XML schemas, which define domain security policy, interdomain security policy, locations, mobility, and SOD constructs. A Security Policy Management Interface application is also developed for specification and administration of security policies as a prototype implementation of XFPM-RBAC. XFPM-RBAC supports extraction of formal specifications from security policies for the purpose of automated verification of security policies. Automated extraction of formal specifications is based on XSLT (Extensible Stylesheet Language Transformations). Formal specification of security policies together with location and mobility constraints within security policy rules are based on ambient calculus and ambient logic. Copyright © 2012 John Wiley & Sons, Ltd.
... Current state-of-the-art in the area of multidomain security policy management are mostly related to federated systems. The federated system approach [1,2] requires a centralized knowledge of all system resources and multi-domain users, which are assumed to be static in the network. This approach is not suitable for multi-domain mobile networks where administration is distributed and also users and resources are mobile. ...
Article
Mobile users present challenges for security in multi-domain mobile networks. The actions of mobile users moving across security domains need to be specified and checked against domain and inter-domain policies. We propose a new formal security policy model for multi-domain mobile networks, called FPM-RBAC, Formal Policy Model for Mobility with Role Based Access Control. FPM-RBAC supports the specification of mobility and location constraints, role hierarchy mapping, inter-domain services, inter-domain access rights and separation of duty. Associated with FPM-RBAC, we also present a formal security policy constraint specification language for domain and inter-domain security policies. Formal policy constraint specifications are based on ambient logic and predicate logic. We also use ambient calculus to specify the current state of a mobile network and actions within security policies for evaluation of access requests according to security policies. A novel aspect of the proposed policy model is the support for formal and automated analysis of security policies related to mobility within multiple security domains.
... This requirement includes a provision for a decentralized single-sign-on mechanism within the authorization model, which can enable persistent authorization for customers in terms of their identity and entitlement across multiple clouds. 6 ...
... The proposed architecture (Figure 4) uses the RBAC model, which is recognized for its support for simplified administration and scalability. 6 However, the design of this architecture is generic enough to support other access control policies, such as discretionary access control and multilevel security. ...
... Subsequently, the user acquires the privileges of the locally assigned role or of a mapped role in a remote cloud. 6 ...
Article
The large-scale, dynamic, and heterogeneous nature of cloud computing poses numerous security challenges. But the cloud's main challenge is to provide a robust authorization mechanism that incorporates multitenancy and virtualization aspects of resources. The authors present a distributed architecture that incorporates principles from security management and software engineering and propose key requirements and a design model for the architecture.
... For example, Organisational Based Access Control (OrBAC) [15] is an access control policy model that is explicitly designed to allow management policies to be applied in a multi-organisational setting. X-federate [6] goes one step further in that it incorporates a policy language, a UML-based meta-model and enforcement architecture, and a common policy authoring process designed to help administrators from related organisations to arrive at mutually interoperable management system configurations. However, these attempts to support federated multi-organisational management through policy languages and frameworks generally assume that the participating organisations will adopt a common architecture, common policy languages, common data-models or even common policy-authoring processes, thereby conflicting with the objective of allowing individual parties to maintain their autonomy and privacy [54]. ...
... Fig. 4 shows a montage of two screen shots from the CBPMS management system. 6 The panel on the left shows a fragment of the domain map, from the point of view of an operator in the StreamToHAN scenario and the panel on the right shows a section of the service operator's capability authority model. Federations are established through invoking the CBPMS federate primitive which creates an association between domains. ...
Article
Cross-domain management is an increasingly important concern in network management and such management capability is a key-enabler of many emerging computing environments. This paper analyses the requirements for management systems that aim to support flexible and general capability sharing between autonomously managed domains. It introduces a novel Layered Federation Model (LFM) to structure this requirements analysis and describes the Federal Relationship Manager (FRM) which instantiates several layers of this model. The FRM combines semantic mapping management and authority management technologies to help solve several of the general management problems that are encountered whenever organisations enter into capability sharing agreements. An overview of related work on federation and the technical underpinnings of our approach are discussed and our work’s particular relevance to real world problems is explained through two service-centric use cases which involve the end-to-end delivery of a multimedia stream to a user’s home across several independent operators. Finally, experimental results are presented to highlight the practical advantages of our approach.