The Design and Demonstration of an Actor-Based, Application-Aware Access Control Evaluation Framework
Abstract
To date, most work regarding the formal analysis of access control schemes has focused on quantifying and comparing the expressive power of a set of schemes. Although expressive power is important, it is a property that exists in an absolute sense, detached from the application-specific context within which an access control scheme will ultimately be deployed. In this paper, by contrast, we formalize the access control suitability analysis problem, which seeks to evaluate the degree to which a set of candidate access control schemes can meet the needs of an application-specific workload. This process involves both reductions to assess whether a scheme is capable of implementing a workload, as well as cost analysis using ordered measures to quantify the overheads of using each candidate scheme to service the workload. We develop a mathematical framework for analyzing instances of the suitability analysis problem, and evaluate this framework both formally (by quantifying its efficiency and accuracy properties) and practically (by exploring a group-based messaging workload from the literature). An ancillary contribution of our work is the identification of auxiliary machines, which are a useful class of modifications that can be made to enhance the expressive power of an access control scheme without negatively impacting the safety properties of the scheme.
- Publication:
-
arXiv e-prints
- Pub Date:
- February 2013
- DOI:
- 10.48550/arXiv.1302.1134
- arXiv:
- arXiv:1302.1134
- Bibcode:
- 2013arXiv1302.1134G
- Keywords:
-
- Computer Science - Cryptography and Security
- E-Print:
- 27-page extended version of "An Actor-Based, Application-Aware Access Control Evaluation Framework"