Strengthening the Foundations of Access Control
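Basic information
- Grant number: RGPIN-2014-06716
- Principal investigator:
- Amount: $28,400
- Host institution:
- Host institution country: Canada
- Project category: Discovery Grants Program - Individual
- Fiscal year: 2018
- Funding country: Canada
- Period: 2018-01-01 to 2019-12-31
- Project status: Completed
- Source:
- Keywords:
Project abstract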
Access control comprises the techniques and mechanisms by which we ensure that only authorized principals are able to perform certain actions, such as read and write, on resources. It is an essential component of the security of deployed systems, and is also an active area of research. From the PI's experience over the past few years, which includes collaborative research with industry, he has learned that the foundations of access control need considerable work. This is the focus of this proposal. The proposed research fits into the PI's longer term vision of making computer systems, on which all of us increasingly rely for even our basic needs, as secure as is feasible.
The PI proposes to address three fundamental topics. One is forensics, with which we answer questions about past states of a system. Forensics is important because preventive security techniques often fail. Access control systems are an important context in which to perform forensic analysis; however, the forensic analysis problem has not been posed as such in prior research. The PI proposes to precisely pose and investigate a broad class of forensic analysis problems in the context of access control. One of the outcomes of this work will be goal-directed logging, so only essential logs are maintained that lend to efficient analysis. A second topic that the PI proposes to research is the secrecy resilience of authorization policies. Authorization policies are themselves resources that need to be protected because portions of them (e.g., whether a user has a certain privilege) may be sensitive to disclosure. The central question that the PI proposes to answer in this context is: are some authorization policies inherently more secrecy resilient than others? The PI proposes to evolve a notion of secrecy resilience that has intuitive appeal, and explore several research directions, such as whether it is possible to increase the secrecy resilience of a policy without changing its effective authorizations, and whether one can build Role-Based Access Control (RBAC) policies that have a desired secrecy resilience. The third topic that the PI proposes to research is the foundations of testing implementations of authorization and access control systems. This is a topic on which the PI has conducted some recent work in collaboration with industry partners. There are several research problems that the PI proposes to address in this context. One is the identification and development of an appropriate syntax and associated semantics to express authorization systems for the purpose of testing, and the properties for which we would like to test. Another is a theory that relates such declarative properties with procedural traces, instances of which are to be exercised on the system under test. The PI proposes also to develop techniques for automatically generating trace instances using existing tools such as model checkers, and tying that to the process of exercising the trace instances. All of this work will result in a complete testing ecosystem for real world authorization and access control systems.
The proposed research is of value to Canada, and will complement the PI's other research, including those he performs in collaboration with industry partners. It will be high-impact in three ways. It will train Highly Qualified Personnel (HQP) in the important area of computer security, it will result in high-quality research publications in prestigious and selective journals and conferences, which in turn will give graduate students valuable exposure to the larger research community, and it will provide the PI and other researchers greater avenues to form research collaborations with Canadian industry partners by way of applying the proposed work to their real world problems.
Project outcomes
Journal articles (0)
Monographs (0)
Research awards (0)
Conference papers (0)
Patents (0)
Other grants held by Tripunitara, Mahesh
Trust, in an Internet of Things
- Grant number: RGPIN-2019-05634
- Fiscal year: 2022
- Funding amount: $28,400
- Project category: Discovery Grants Program - Individual
Trust, in an Internet of Things
- Grant number: RGPIN-2019-05634
- Fiscal year: 2021
- Funding amount: $28,400
- Project category: Discovery Grants Program - Individual
Software Dependability for 5G Systems
- Grant number: 532264-2018
- Fiscal year: 2021
- Funding amount: $28,400
- Project category: Collaborative Research and Development Grants
Software Dependability for 5G Systems
- Grant number: 532264-2018
- Fiscal year: 2020
- Funding amount: $28,400
- Project category: Collaborative Research and Development Grants
Trust, in an Internet of Things
- Grant number: RGPIN-2019-05634
- Fiscal year: 2020
- Funding amount: $28,400
- Project category: Discovery Grants Program - Individual
Software Dependability for 5G Systems
- Grant number: 532264-2018
- Fiscal year: 2019
- Funding amount: $28,400
- Project category: Collaborative Research and Development Grants
Trust, in an Internet of Things
- Grant number: RGPIN-2019-05634
- Fiscal year: 2019
- Funding amount: $28,400
- Project category: Discovery Grants Program - Individual
Software Dependability for 5G Systems
- Grant number: 532264-2018
- Fiscal year: 2018
- Funding amount: $28,400
- Project category: Collaborative Research and Development Grants
Automated Security Testing of an Electronic Asset Transfer Platform
- Grant number: 516011-2017
- Fiscal year: 2017
- Funding amount: $28,400
- Project category: Engage Grants Program
Strengthening the Foundations of Access Control
- Grant number: RGPIN-2014-06716
- Fiscal year: 2017
- Funding amount: $28,400
- Project category: Discovery Grants Program - Individual
Similar overseas grants
Collaborative Research: AF: Medium: Foundations of Oblivious Reconfigurable Networks
- Grant number: 2402851
- Fiscal year: 2024
- Funding amount: $28,400
- Project category: Continuing Grant
Conference: Theory and Foundations of Statistics in the Era of Big Data
- Grant number: 2403813
- Fiscal year: 2024
- Funding amount: $28,400
- Project category: Standard Grant
Social Foundations of Cryptography
- Grant number: EP/X017524/1
- Fiscal year: 2024
- Funding amount: $28,400
- Project category: Research Grant
Mathematical Foundations of Intelligence: An "Erlangen Programme" for AI
- Grant number: EP/Y028872/1
- Fiscal year: 2024
- Funding amount: $28,400
- Project category: Research Grant
SAFER - Secure Foundations: Verified Systems Software Above Full-Scale Integrated Semantics
- Grant number: EP/Y035976/1
- Fiscal year: 2024
- Funding amount: $28,400
- Project category: Research Grant
Statistical Foundations for Detecting Anomalous Structure in Stream Settings (DASS)
- Grant number: EP/Z531327/1
- Fiscal year: 2024
- Funding amount: $28,400
- Project category: Research Grant
Social foundations of cryptography
- Grant number: EP/X016226/1
- Fiscal year: 2024
- Funding amount: $28,400
- Project category: Research Grant
Foundations of Classical and Quantum Verifiable Computing
- Grant number: MR/X023583/1
- Fiscal year: 2024
- Funding amount: $28,400
- Project category: Fellowship
CAREER: Statistical foundations of particle tracking and trajectory inference
- Grant number: 2339829
- Fiscal year: 2024
- Funding amount: $28,400
- Project category: Continuing Grant
CAREER: Architectural Foundations for Practical Privacy-Preserving Computation
- Grant number: 2340137
- Fiscal year: 2024
- Funding amount: $28,400
- Project category: Continuing Grant