Evaluating the comprehensive complexity of authorization-based access control policies using quantitative metrics





1 RST - Département Réseaux et Services de Télécommunications
2 SAMOVAR - Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux
3 R3S-SAMOVAR - Réseaux, Systèmes, Services, Sécurité SAMOVAR - Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux

Abstract: Access control models allow flexible authoring and management of security policies, using high-level statements. They enable the expression of structured and expressive policies. However, they have an impact on the policy characteristics. The complexity of such policies is one of the affected characteristics. We propose a series of quantitative metrics to assess the comprehensive complexity of policies. By comprehensive, we mean the difficulty administrators have in understanding a policy. We formalize the concepts of authorization-based access control models in order to propose general metrics that apply regardless of the model. We also show the application of the proposed metrics through a content management system (CMS) policy example. We outline a proof of concept to evaluate the feasibility of our proposal, based on SELinux policies for a general-purpose CMS.

Keywords: ICT security; Authorization; Access control; Quantitative security; Security assurance; Security metrics





Authors: Malek Belhaouane, Joaquin Garcia-Alfaro, Hervé Debar

Source: https://hal.archives-ouvertes.fr/


