Cost-effective enforcement of UCON policies | IIT - CNR - Istituto di Informatica e Telematica

Cost-effective enforcement of UCON policies

In Usage CONtrol (UCON), access decisions rely on mutable attributes. A reference monitor should re-evaluate security policies each time attributes change their values. Catching all attribute changes in a timely manner is a challenging issue, especially if the attribute provider and the reference monitor reside in different security domains. Some attribute changes might be missed, corrupted, or delayed. As a result, the reference monitor may erroneously grant access to malicious users and deny it to eligible users.
This paper proposes a set of policy enforcement models that help to tolerate the uncertainties associated with mutable attributes. In our model, the reference monitor evaluates logical predicates over attributes as usual and additionally estimates how much the observed attribute values differ from the real state of the world. The final access decision takes both factors into account. We assign monetary outcomes to granting and revoking access for legitimate and malicious users and compare the proposed policy enforcement models in terms of cost-efficiency.


6th International Conf. on Risks and Security of Internet and Systems, Timisoara, 2011

IIT authors:

Leanid Krautsevich

Aliaksandr Lazouski

Type: Article in international conference proceedings
Discipline area: Information Technology and Communication Systems

File: Cost-Effective_Enforcement.pdf