Tuesday, 29th July
Coyne Lecture Theatre
4pm – 5pm
“Reduction of Access Control Decisions”
Speaker: Dr. Nicola Zannone (Eindhoven University of Technology)
Access control has been proposed as “the” solution to prevent unauthorized accesses to sensitive system resources. Historically, access control models use a two-valued decision set to indicate whether an access should be granted or denied. Many access control models have extended the two-valued decision set to indicate, for instance, whether a policy is applicable to an access query or an error occurred during policy evaluation. Decision sets are often coupled with operators for combining decisions from multiple applicable policies. Although a larger decision set is more expressive, it may be necessary to reduce it to a smaller set in order to simplify the complexity of decision making or enable comparison between access control models. Moreover, some access control mechanisms like XACML v3 uses more than one decision set. The projection from one decision set to the other may result in a loss of accuracy, which can affect the final access decision. In this talk, we present a formal framework for the analysis and comparison of decision sets centered on the notion of decision reduction. In particular, we introduce the notion of safe reduction, which ensures that a reduction can be performed at any level of policy composition without changing the final decision. We demonstrate the framework by analyzing XACML v3 against the notion of safe reduction. From this analysis, we draw guidelines for the selection of the minimal decision set with respect to a given set of combining operators.
Speaker Bio: Nicola Zannone received the Ph.D. in Computer Science at the University of Trento in 2007. He won the IBM PhD fellowship award for the 2006-07 academic year. He visited the Center for Secure Information Systems at George Mason University in 2005 and at IBM Zurich Research Laboratory in 2006. In 2007-2008, he was a post-doc at the Department of Computer Science of the University of Toronto. In 2008-2012, he has a post-doc position in the Security Group at the Eindhoven University of Technology. Since November 2012, he is assistant professor in the same group. His research interests include computer security, formal methods, privacy and data protection.