The Authorization Policy Existence Problem

Pierre Bergé 1 Jason Crampton 2 Gregory Gutin 2 Rémi Watrigant 3, 4
3 ABS - Algorithms, Biology, Structure
CRISAM - Inria Sophia Antipolis - Méditerranée
4 COATI - Combinatorics, Optimization and Algorithms for Telecommunications
CRISAM - Inria Sophia Antipolis - Méditerranée, Laboratoire I3S - COMRED - COMmunications, Réseaux, systèmes Embarqués et Distribués
Abstract : Constraints such as separation-of-duty are widely used to specify requirements that supplement basic authorization policies. However, the existence of constraints (and authorization policies) may mean that a user is unable to fulfill her/his organizational duties because access to resources is denied. In short, there is a tension between the need to protect resources (using policies and constraints) and the availability of resources. Recent work on workflow satisfiability and resiliency in access control asks whether this tension compromises the ability of an organization to achieve its objectives. In this paper, we develop a new method of specifying constraints which subsumes much related work and allows a wider range of constraints to be specified. The use of such constraints leads naturally to a range of questions related to “policy existence”, where a positive answer means that an organization’s objectives can be realized. We provide an overview of our results establishing that some policy existence questions, notably for those instances that are restricted to user-independent constraints, are fixed-parameter tractable.
Contributor : Remi Watrigant
Submitted on : Monday, January 28, 2019
Last modification on : Wednesday, March 13, 2019 - 1:21:36 AM

Pierre Bergé, Jason Crampton, Gregory Gutin, Rémi Watrigant. The Authorization Policy Existence Problem. CODASPY: Conference on Data and Application Security and Privacy, Mar 2017, Scottsdale, United States. pp.163-165, ⟨10.1145/3029806.3029844⟩.



