Resiliency Policies in Access Control Revisited

Abstract : Resiliency is a relatively new topic in the context of access control. Informally, it refers to the extent to which a multi-user computer system, subject to an authorization policy, is able to continue functioning if a number of authorized users are unavailable. Several interesting problems connected to resiliency were introduced by Li, Wang and Tripunitara [13], many of which were found to be intractable. In this paper, we show that these resiliency problems have unexpected connections with the workflow satisfiability problem (WSP). In particular, we show that an instance of the resiliency checking problem (RCP) may be reduced to an instance of WSP. We then demonstrate that recent advances in our understanding of WSP enable us to develop fixed-parameter tractable algorithms for RCP. Moreover, these algorithms are likely to be useful in practice, given recent experimental work demonstrating the advantages of bespoke algorithms to solve WSP. We also generalize RCP in several different ways, showing in each case how to adapt the reduction to WSP. Li et al. also showed that the coexistence of resiliency policies and static separation-of-duty policies gives rise to further interesting questions. We show how our reduction of RCP to WSP may be extended to solve these problems as well and establish that they are also fixed-parameter tractable.
Document type :
Conference papers
Contributor : Remi Watrigant
Submitted on : Monday, January 28, 2019 - 9:38:40 AM
Last modification on : Wednesday, January 30, 2019 - 1:18:41 AM




Jason Crampton, Gregory Gutin, Rémi Watrigant. Resiliency Policies in Access Control Revisited. SACMAT: Symposium on Access Control Models and Technologies, Jun 2016, Shanghai, China. pp.101-111, ⟨10.1145/2914642.2914650⟩. ⟨hal-01995964⟩


