Title
Assurance management framework for access control systems
Description
Access control is one of the most fundamental security mechanisms used in the design and management of modern information systems. However, there still exists an open question on how formal access control models can be automatically analyzed and fully realized in secure system development. Furthermore, specifying and managing access control policies are often error-prone due to the lack of effective analysis mechanisms and tools. In this dissertation, I present an Assurance Management Framework (AMF) that is designed to cope with various assurance management requirements from both access control system development and policy-based computing. On one hand, the AMF framework facilitates comprehensive analysis and thorough realization of formal access control models in secure system development. I demonstrate how this method can be applied to build role-based access control systems by adopting the NIST/ANSI RBAC standard as an underlying security model. On the other hand, the AMF framework ensures the correctness of access control policies in policy-based computing through automated reasoning techniques and anomaly management mechanisms. A systematic method is presented to formulate XACML in Answer Set Programming (ASP) that allows users to leverage off-the-shelf ASP solvers for a variety of analysis services. In addition, I introduce a novel anomaly management mechanism, along with a grid-based visualization approach, which enables systematic and effective detection and resolution of policy anomalies. I further evaluate the AMF framework through modeling and analyzing multiparty access control in Online Social Networks (OSNs). A MultiParty Access Control (MPAC) model is formulated to capture the essence of multiparty authorization requirements in OSNs. In particular, I show how AMF can be applied to OSNs for identifying and resolving privacy conflicts, and representing and reasoning about the MPAC model and policy. To demonstrate the feasibility of the proposed methodology, a suite of proof-of-concept prototype systems is implemented as well.
Date Created
2012
Contributors
- Hu, Hongxin (Author)
- Ahn, Gail-Joon (Thesis advisor)
- Yau, Stephen S. (Committee member)
- Dasgupta, Partha (Committee member)
- Ye, Nong (Committee member)
- Arizona State University (Publisher)
Topical Subject
Resource Type
Extent
xii, 168 p. : ill. (some col.)
Language
eng
Copyright Statement
In Copyright
Primary Member of
Peer-reviewed
No
Open Access
No
Handle
https://hdl.handle.net/2286/R.I.15176
Statement of Responsibility
by Hongxin Hu
Description Source
Viewed on Jun. 27, 2013
Level of coding
full
Note
thesis
Partial requirement for: Ph.D., Arizona State University, 2012
bibliography
Includes bibliographical references (p. 154-168)
Field of study: Computer science
System Created
- 2012-08-24 06:31:40
System Modified
- 2021-08-30 01:45:15