Refresh Instead of Revoke Enhances Safety and Availability: A Formal Analysis - Archive ouverte HAL Access content directly
Conference Papers Year : 2019

Refresh Instead of Revoke Enhances Safety and Availability: A Formal Analysis

(1) , (1)
1
Mehrnoosh Shakarami
  • Function : Author
  • PersonId : 1059345
Ravi Sandhu
  • Function : Author
  • PersonId : 978076

Abstract

Due to inherent delays and performance costs, the decision point in a distributed multi-authority Attribute-Based Access Control (ABAC) system is exposed to the risk of relying on outdated attribute values and policy; which is the safety and consistency problem. This paper formally characterizes three increasingly strong levels of consistency to restrict this exposure. Notably, we recognize the concept of refreshing attribute values rather than simply checking the revocation status, as in traditional approaches. Refresh replaces an older value with a newer one, while revoke simply invalidates the old value. Our lowest consistency level starts from the highest level in prior revocation-based work by Lee and Winslett (LW). Our two higher levels utilize the concept of request time which is absent in LW. For each of our levels we formally show that using refresh instead of revocation provides added safety and availability.
Fichier principal
Vignette du fichier
480962_1_En_16_Chapter.pdf (461.58 Ko) Télécharger le fichier
Origin : Files produced by the author(s)
Loading...

Dates and versions

hal-02384596 , version 1 (28-11-2019)

Licence

Attribution - CC BY 4.0

Identifiers

Cite

Mehrnoosh Shakarami, Ravi Sandhu. Refresh Instead of Revoke Enhances Safety and Availability: A Formal Analysis. 33th IFIP Annual Conference on Data and Applications Security and Privacy (DBSec), Jul 2019, Charleston, SC, United States. pp.301-313, ⟨10.1007/978-3-030-22479-0_16⟩. ⟨hal-02384596⟩
25 View
8 Download

Altmetric

Share

Gmail Facebook Twitter LinkedIn More