Cost-effective enforcement of UCONA policies

Leanid Krautsevich, Aliaksandr Lazouski, Fabio Martinelli, Artsiom Yautsiukhin
2011 2011 6th International Conference on Risks and Security of Internet and Systems (CRiSIS)  
In Usage CONtrol (UCON) access decisions rely on mutable attributes. A reference monitor should re-evaluate security policies each time when attributes change their values. Catching timely all attribute changes is a challenging issue, especially if the attribute provider and the reference monitor reside in different security domains. Some attribute changes might be missed, corrupted, and delayed. As a result, the reference monitor may erroneously grant the access to malicious users and forbid
more » ... for eligible users. This paper proposes a set of policy enforcement models which help to tolerate uncertainties associated with mutable attributes. In our model the reference monitor as usually evaluates logical predicates over attributes and additionally makes some estimates on how much observed attribute values differ from the real state of the world. The final access decision counts both factors. We assign monetary outcomes for granting and revoking access to legitimate and malicious users and compare the proposed policy enforcement models in terms of cost-efficiency.
doi:10.1109/crisis.2011.6061833 dblp:conf/crisis/KrautsevichLMY11 fatcat:ojfkglpsqbbtdceb7ufljyvcci