International Conference on Security and Privacy in Communication Systems

Security and Privacy in Communication Networks, pp. 438–455

Generation of Transmission Control Rules Compliant with Existing Access Control Policies

  • Yoann Bertrand
  • Mireille Blay-Fornarino
  • Karima Boudaoud
  • Michel Riveill
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 164)


Access Control (AC) is a well-known mechanism for restricting access to resources. Nevertheless, it does not provide notification when a resource is retransmitted to an unauthorized third party. To overcome this issue, one can use mechanisms such as Data Loss/Leak Prevention (DLP) or Transmission Control (TC). These mechanisms are based on policies that are defined by security experts. Unfortunately, these policies can contradict existing AC rules, leading to security leakage (i.e., a legitimate user is allowed to send a resource to someone who has no access rights in the AC).

In this article, we aim to create TC policies that are compliant with existing AC policies. To do so, we use a mapping mechanism that generates TC rules directly from existing AC policies. Thanks to the generated rules, our solution can make inferences to improve existing AC and enhance security knowledge between infrastructures.


Keywords: Security · Access Control · Security policies · Transmission Control · Transmission security · Data Loss Prevention · Data Leak Prevention · Data leakage





Copyright information

© Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2015

Authors and Affiliations

  • Yoann Bertrand (1)
  • Mireille Blay-Fornarino (1)
  • Karima Boudaoud (1)
  • Michel Riveill (1)

  1. University of Nice Sophia Antipolis, CNRS, I3S, UMR 7271, Sophia Antipolis, France
