Refresh Instead of Revoke Enhances Safety and Availability: A Formal Analysis - Data and Applications Security and Privacy XXXIII Access content directly
Conference Papers Year : 2019

Refresh Instead of Revoke Enhances Safety and Availability: A Formal Analysis

Mehrnoosh Shakarami
  • Function : Author
  • PersonId : 1059345
Ravi Sandhu
  • Function : Author
  • PersonId : 978076

Abstract

Due to inherent delays and performance costs, the decision point in a distributed multi-authority Attribute-Based Access Control (ABAC) system is exposed to the risk of relying on outdated attribute values and policy; which is the safety and consistency problem. This paper formally characterizes three increasingly strong levels of consistency to restrict this exposure. Notably, we recognize the concept of refreshing attribute values rather than simply checking the revocation status, as in traditional approaches. Refresh replaces an older value with a newer one, while revoke simply invalidates the old value. Our lowest consistency level starts from the highest level in prior revocation-based work by Lee and Winslett (LW). Our two higher levels utilize the concept of request time which is absent in LW. For each of our levels we formally show that using refresh instead of revocation provides added safety and availability.
Fichier principal
Vignette du fichier
480962_1_En_16_Chapter.pdf (461.58 Ko) Télécharger le fichier
Origin : Files produced by the author(s)
Loading...

Dates and versions

hal-02384596 , version 1 (28-11-2019)

Licence

Attribution

Identifiers

Cite

Mehrnoosh Shakarami, Ravi Sandhu. Refresh Instead of Revoke Enhances Safety and Availability: A Formal Analysis. 33th IFIP Annual Conference on Data and Applications Security and Privacy (DBSec), Jul 2019, Charleston, SC, United States. pp.301-313, ⟨10.1007/978-3-030-22479-0_16⟩. ⟨hal-02384596⟩
32 View
21 Download

Altmetric

Share

Gmail Facebook X LinkedIn More