A comprehensive approach to the automatic refinement and verification of access control policies. Cheminod, M., Durante, L., Seno, L., Valenza, F., & Valenzano, A. Computers and Security, 80:186–199, 2019. ![A comprehensive approach to the automatic refinement and verification of access control policies [pdf]](https://bibbase.org/img/filetypes/pdf.svg "pdf")
Paper doi abstract bibtex 10 downloads Access control is one of the building blocks of network security and is often managed by network administrators through the definition of sets of high-level policies meant to regulate network behavior (policy-based management). In this scenario, policy refinement and verification are important processes that have to be dealt with carefully, possibly relaying on computer-aided automated software tools. This paper presents a comprehensive approach for access control policy refinement, verification and, in case errors are detected in the policy implementation, their fixing. The proposed methodology is based on a twofold model able to describe both policies and system configurations and allows, by suitably processing the model, to either propose a system configuration that correctly enforces the policies, or determine whether a specific implementation matches the policy specification also providing hints on how possible anomalies can be fixed. Results on the average complexity of the solution confirm its feasibility in terms of computation time, even for complex networked systems consisting of several hundred nodes. © 2018 Elsevier Ltd
@Article{2019COSE,
author = {Manuel Cheminod and Luca Durante and Lucia Seno and Fulvio Valenza and Adriano Valenzano},
doi = {10.1016/j.cose.2018.09.013},
journal = {Computers and Security},
pages = {186--199},
title = {A comprehensive approach to the automatic refinement and verification of access control policies},
volume = {80},
year = {2019},
abstract={Access control is one of the building blocks of network security and is often managed by network administrators through the definition of sets of high-level policies meant to regulate network behavior (policy-based management). In this scenario, policy refinement and verification are important processes that have to be dealt with carefully, possibly relaying on computer-aided automated software tools. This paper presents a comprehensive approach for access control policy refinement, verification and, in case errors are detected in the policy implementation, their fixing. The proposed methodology is based on a twofold model able to describe both policies and system configurations and allows, by suitably processing the model, to either propose a system configuration that correctly enforces the policies, or determine whether a specific implementation matches the policy specification also providing hints on how possible anomalies can be fixed. Results on the average complexity of the solution confirm its feasibility in terms of computation time, even for complex networked systems consisting of several hundred nodes. © 2018 Elsevier Ltd},
keywords={Access Control Policy, Industrial Networked Systems},
url = {https://iris.polito.it/retrieve/handle/11583/2724584/356856/main.pdf}
}
Downloads: 10
{"_id":"kFMxLCPXDjBQJgyBb","bibbaseid":"cheminod-durante-seno-valenza-valenzano-acomprehensiveapproachtotheautomaticrefinementandverificationofaccesscontrolpolicies-2019","authorIDs":["anJrBcCdr4LzzWetx","x5vNTEJ4s3raTsibp"],"author_short":["Cheminod, M.","Durante, L.","Seno, L.","Valenza, F.","Valenzano, A."],"bibdata":{"bibtype":"article","type":"article","author":[{"firstnames":["Manuel"],"propositions":[],"lastnames":["Cheminod"],"suffixes":[]},{"firstnames":["Luca"],"propositions":[],"lastnames":["Durante"],"suffixes":[]},{"firstnames":["Lucia"],"propositions":[],"lastnames":["Seno"],"suffixes":[]},{"firstnames":["Fulvio"],"propositions":[],"lastnames":["Valenza"],"suffixes":[]},{"firstnames":["Adriano"],"propositions":[],"lastnames":["Valenzano"],"suffixes":[]}],"doi":"10.1016/j.cose.2018.09.013","journal":"Computers and Security","pages":"186–199","title":"A comprehensive approach to the automatic refinement and verification of access control policies","volume":"80","year":"2019","abstract":"Access control is one of the building blocks of network security and is often managed by network administrators through the definition of sets of high-level policies meant to regulate network behavior (policy-based management). In this scenario, policy refinement and verification are important processes that have to be dealt with carefully, possibly relaying on computer-aided automated software tools. This paper presents a comprehensive approach for access control policy refinement, verification and, in case errors are detected in the policy implementation, their fixing. The proposed methodology is based on a twofold model able to describe both policies and system configurations and allows, by suitably processing the model, to either propose a system configuration that correctly enforces the policies, or determine whether a specific implementation matches the policy specification also providing hints on how possible anomalies can be fixed. Results on the average complexity of the solution confirm its feasibility in terms of computation time, even for complex networked systems consisting of several hundred nodes. © 2018 Elsevier Ltd","keywords":"Access Control Policy, Industrial Networked Systems","url":"https://iris.polito.it/retrieve/handle/11583/2724584/356856/main.pdf","bibtex":"@Article{2019COSE,\r\n author = {Manuel Cheminod and Luca Durante and Lucia Seno and Fulvio Valenza and Adriano Valenzano},\r\n doi = {10.1016/j.cose.2018.09.013},\r\n journal = {Computers and Security},\r\n pages = {186--199},\r\n title = {A comprehensive approach to the automatic refinement and verification of access control policies},\r\n volume = {80},\r\n year = {2019},\r\n abstract={Access control is one of the building blocks of network security and is often managed by network administrators through the definition of sets of high-level policies meant to regulate network behavior (policy-based management). In this scenario, policy refinement and verification are important processes that have to be dealt with carefully, possibly relaying on computer-aided automated software tools. This paper presents a comprehensive approach for access control policy refinement, verification and, in case errors are detected in the policy implementation, their fixing. The proposed methodology is based on a twofold model able to describe both policies and system configurations and allows, by suitably processing the model, to either propose a system configuration that correctly enforces the policies, or determine whether a specific implementation matches the policy specification also providing hints on how possible anomalies can be fixed. Results on the average complexity of the solution confirm its feasibility in terms of computation time, even for complex networked systems consisting of several hundred nodes. © 2018 Elsevier Ltd},\r\n keywords={Access Control Policy, Industrial Networked Systems},\r\n url = {https://iris.polito.it/retrieve/handle/11583/2724584/356856/main.pdf}\r\n}\r\n\r\n","author_short":["Cheminod, M.","Durante, L.","Seno, L.","Valenza, F.","Valenzano, A."],"key":"2019COSE","id":"2019COSE","bibbaseid":"cheminod-durante-seno-valenza-valenzano-acomprehensiveapproachtotheautomaticrefinementandverificationofaccesscontrolpolicies-2019","role":"author","urls":{"Paper":"https://iris.polito.it/retrieve/handle/11583/2724584/356856/main.pdf"},"keyword":["Access Control Policy","Industrial Networked Systems"],"metadata":{"authorlinks":{"valenza, f":"https://bibbase.org/show?bib=https%3A%2F%2Fraw.githubusercontent.com%2FFulvioValenza%2Fbibliography%2Fmain%2FValenza_bibliography.bib&commas=true","valenza, f":"https://bibbase.org/service/mendeley/47be63fe-fca0-3f0f-a864-642602926c3f"}},"downloads":10},"bibtype":"article","biburl":"https://raw.githubusercontent.com/FulvioValenza/bibliography/main/Valenza_bibliography.bib","creationDate":"2021-01-16T10:07:49.755Z","downloads":10,"keywords":["access control policy","industrial networked systems"],"search_terms":["comprehensive","approach","automatic","refinement","verification","access","control","policies","cheminod","durante","seno","valenza","valenzano"],"title":"A comprehensive approach to the automatic refinement and verification of access control policies","year":2019,"dataSources":["JbiX35GNqPCF3nids","csYhy47rJJgSM7jjJ"]}