We present the concept of an access control space and investigate how it may be useful in managing access control policies. An access control space represents the permission assignment state of a subject. We identify subspaces that have meaningful semantics. For example, the set permissions explicitly assigned to a subject defines its specified subspace, and constraints define the prohibited subspace. In analyzing these subspaces, we identify two problems: (1) often a significant portion of the access control space has unknown assignment semantics, meaning that it is not defined
whether an assignment in this space should be permitted or not, and (2) often high-level assignments and constraints that are easily understood result in conflicts where permissions are both specified and prohibited. To solve these problems, we have developed a tool, called Gokyo, that enables definition and analysis of access control spaces. Gokyo computes the unknown subspace to show system administrators the ambiguous region and enable them to reduce it. Gokyo identifies conflicting subspaces and enables system administrators to handle subspaces as exceptions, if desired. We
demonstrate the utility of Gokyo by analyzing a web server policy example.
By: Trent Jaeger, Antony Edwards, Xiaolan Zhang
Published in: Proceedings of Seventh ACM Symposium on Access Control Models and Technologies (SACMAT 2002). , ACM. , p.3-12 in 2002
Please obtain a copy of this paper from your local library. IBM cannot distribute this paper externally.
Questions about this service can be mailed to reports@us.ibm.com .