Access control policy management

Access control is the traditional center of gravity of computer security [1]. People specify access control policies to control accesses to resources in computer systems. The management of access control policies include policy specification and policy analysis. In this dissertation, we design a new language for policy specification, propose a new type of access control policy, and study the computational complexity of a variety of policy analysis problems. In particular, (1) We design a novel algebra that enables the specification of high-level security policies that combine qualification requirements with quantity requirements. Our algebra contains six operators and is expressive enough to specify many natural high-level security policies. We study the properties of the algebra, as well as several computational problems related to the algebra. (2) Traditional access control policy analysis focuses on restricting access. However, an equally important aspect of access control is to enable access. With this in mind, we introduce the notion of resiliency policies for access control systems. We formally define resiliency policies and study computational problems on checking whether an access control state satisfies a resiliency policy. We also study the consistency between resiliency policies and separation of duty policies. (3) The workflow authorization system is a popular access control model. We study fundamental problems related to policy analysis in workflow authorization systems, such as determining whether a set of users can complete a workflow in a certain access control state. In particular, we apply tools from parameterized complexity theory to better understand the complexities of such problems. We also introduce the notion of resiliency to workflow authorization systems. (4) Delegation is an important tool to provide flexibility and enforce resiliency in access control systems. However, delegation may also allow colluding users to bypass security policies. We study the security impact of delegation and formally define the notion of security with regard to delegation. We propose mechanisms to enforce delegation security. In particular, we design a novel source-based enforcement mechanism for workflow authorization systems so as to achieve both security and efficiency. Finally, we discuss how to use delegation to meet resiliency requirements.