Conference papers

Extending Multivalued Dependencies for Refactoring Access Control Policies

Matteo Casalino 1, Romuald Thion 1
1 BD - Base de Données
LIRIS - Laboratoire d'InfoRmatique en Image et Systèmes d'information
Abstract: Policy-based access control is a well-established paradigm for securing layered IT systems. Access control policies, however, often do not focus on dedicated architecture layers (e.g., network, web, application), but increasingly employ concepts of multiple layers. Web application servers, for instance, typically support request filtering on the basis of network addresses. The resulting flexibility comes with increased management complexity and the risk of security-relevant misconfiguration when looking at the various policies in isolation. In this paper we focus on policy refactoring, i.e., the task of finding the least permissive rewriting of a collection of policies such that the global composed policy remains identical. Some connections between access control and the relational model have already been identified in the literature. Following this avenue, we argue that normalization theory can help to solve the refactoring problem. By exploiting techniques inspired by multivalued dependencies, we lay down the foundations of a theoretical framework that allows us (i) to describe authorization policies from different architecture layers, (ii) to capture the relationships between layers in order to create a universal view of the global policy, and (iii) to decompose the global policy into a collection of simpler ones.
Document type: Conference papers

https://hal.archives-ouvertes.fr/hal-01581451
Contributor : Équipe Gestionnaire Des Publications Si Liris
Submitted on : Monday, September 4, 2017 - 4:42:23 PM
Last modification on : Wednesday, July 8, 2020 - 12:43:37 PM

Identifiers

  • HAL Id : hal-01581451, version 1

Citation

Matteo Casalino, Romuald Thion. Extending Multivalued Dependencies for Refactoring Access Control Policies. Journées "Bases de Données Avancées" (BDA), Oct 2013, Nantes, France. ⟨hal-01581451⟩