Detection of Multiple-Duty-Related Security Leakage in Access Control Policies

Free registration required

Executive Summary

Access control mechanisms control which subjects (Such as users or processes) has access to which resources. To facilitate managing access control, policy authors increasingly write access control policies in XACML. Access control policies written in XACML could be amenable to multiple-duty-related security leakage, which grants unauthorized access to a user when the user takes multiple duties (e.g., Multiple roles in role-based access control policies). To help policy authors detect multiple-duty-related security leakage, the authors develop a novel framework that analyzes policies and detects cases that potentially cause the leakage.

  • Format: PDF
  • Size: 284.8 KB