Evaluating the Comprehensive Complexity of Authorization-based Access Control Policies using Quantitative Metrics

Malek Belhaouane, Joaquin Garcia-Alfaro, Hervé Debar

2015

Abstract

Access control models allow flexible authoring and management of security policies using high-level statements. They enable the expression of structured and expressive policies. However, they have an impact on the policy characteristics, and the complexity of such policies is one of the affected characteristics. We propose a series of quantitative metrics to assess the comprehensive complexity of policies. By comprehensive, we mean the difficulty administrators have in understanding a policy. We formalize the concepts of authorization-based access control models in order to propose general metrics that are independent of the model. We also show the application of the proposed metrics through a content management system (CMS) policy example. We outline a proof-of-concept to evaluate the feasibility of our proposal, based on SELinux policies for a general-purpose CMS.

Paper Citation


in Harvard Style

Belhaouane M., Garcia-Alfaro J. and Debar H. (2015). Evaluating the Comprehensive Complexity of Authorization-based Access Control Policies using Quantitative Metrics. In Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015) ISBN 978-989-758-117-5, pages 53-64. DOI: 10.5220/0005544100530064

in Bibtex Style

@conference{secrypt15,
author={Malek Belhaouane and Joaquin Garcia-Alfaro and Hervé Debar},
title={Evaluating the Comprehensive Complexity of Authorization-based Access Control Policies using Quantitative Metrics},
booktitle={Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)},
year={2015},
pages={53-64},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005544100530064},
isbn={978-989-758-117-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)
TI - Evaluating the Comprehensive Complexity of Authorization-based Access Control Policies using Quantitative Metrics
SN - 978-989-758-117-5
AU - Belhaouane M.
AU - Garcia-Alfaro J.
AU - Debar H.
PY - 2015
SP - 53
EP - 64
DO - 10.5220/0005544100530064