    •   eScholar Home
    • Faculty of Engineering & Applied Science
    • Doctoral Dissertations
    • View Item

    Access control obligation specification and enforcement using behavior pattern language

    Sharghigoorabi_Mohammadhassan.pdf (3.618Mb)
    Date
    2018-01-01
    Author
    Sharghigoorabi, Mohammadhassan
    Abstract
    The increasing use of Internet-based devices offers novel opportunities for users to access and share resources anywhere and anytime, so that such a collaborative environment complicates the design of an accountable resource access control system. Relying only on predefined access control policies based on an entity's attributes, as in traditional access control solutions, cannot provide enough flexibility to apply continuous adjustments in order to adapt to any kind of operative run-time conditions. The limited scope and precision of the existing policy-based access control solutions have put considerable limitations on adequately satisfying the challenging security aspects of IT enterprises. In this research, we focus on the obligatory behavior that can play an important role in access control to protect resources and services of a typical system. Since traditional access control is performed only once before the resource is accessed by the subject, the access control system is unable to control the fulfillment of the obligation while the access is in progress. In practice, such a requirement is implemented in hard-coded and proprietary ways. Consequently, the lack of sophisticated means for specification and enforcement of obligations in an access control system decreases its flexibility and may also lead to security breaches in sensitive environments. We provide a descriptive language that is capable of defining a variety of complex behavior patterns based on a sequence of user actions. Such a description can be used to specify different elements of the obligation in order to attach them to a policy language, and it is also used to generate queries for behavior matching purposes. Moreover, we propose a behavior pattern matching framework to approve the fulfillment of the obligation by looking into the audit logs. However, this method is extremely inadequate for ongoing obligations. Therefore, we proposed a compliance engine by utilizing complex event processing in order to make a decision to revoke or continue the access in a timely manner. We implemented both frameworks that can be used to approve the obligation fulfillment as well as to evaluate the expressive power and complexity of our proposed language.
    URI
    https://hdl.handle.net/10155/908
    Collections
    • Doctoral Dissertations [129]
    • Electronic Theses and Dissertations [1323]

    DSpace software copyright © 2002-2016  DuraSpace
    Contact Us | Send Feedback
    Theme by 
    Atmire NV