A search space optimization method for fuzzy access control auditing


Diogo Domingues Regateiro¹ · Óscar Mortágua Pereira¹ · Rui L. Aguiar¹

Received: 6 June 2019 / Accepted: 4 June 2020 © Springer-Verlag London Ltd., part of Springer Nature 2020

Abstract

As data become an increasingly important asset for organizations, so do the access control policies that protect them. Many subjects (public, researchers, etc.) are interested in accessing these data, leading to the desire for simple access control. However, some scenarios use vague concepts, such as the “researcher’s expertise”, when making access control decisions. Therefore, access control models based on fuzzy logic have been proposed to handle these scenarios. However, subject attributes can change between access requests and are processed in non-trivial ways by these models to reach a decision. This makes it difficult to audit the capabilities of subjects and their permissions over resources, and consequently the number of application scenarios suffers. Hence, the contribution of this paper lies in proposing an optimized auditing algorithm that allows fuzzy policies to be validated before being used. An assessment is also carried out to validate the method and its effectiveness.

Keywords: Optimization · Access control · Fuzzy inference systems · Security and privacy protection

Diogo Domingues Regateiro, [email protected]
¹ Instituto de Telecomunicações, DETI, Universidade de Aveiro, 3810-193 Aveiro, Portugal

1 Introduction

Access control restricts access to a location or resource in a controlled and selective manner, and as such it is an important feature in any physical or digital system [25]. Access control models that embrace real-world ways of managing permissions within the context of their application are among the most successful, of which the Role-based Access Control (RBAC) [8] model is a key reference. However, the quantity and complexity of data that need to be stored and processed have increased considerably. Furthermore, the fact that classical storage solutions require tight mappings between users, objects, and permissions (e.g. using concepts like roles) is a problem. As new subjects request access to the data, they must be manually assigned to their permissions, which is not always feasible. For example, Wikipedia pages are targets for vandalism as anyone can edit them. Since it is not easy to determine whether a user will vandalize a page or not, the only way to protect it would be to manually authorize each modification. Given that the English Wikipedia has over 47 million pages, 880 million edits and just over 1000 administrators, this would be unfeasible. Similar issues can occur in the Internet of Things, where many devices and sensors communicate with one another. The probability that one such device malfunctions is not negligible; thus, the concept of trust among devices has also been used to accept or reject messages. Many fuzzy access control models have been proposed [2