Babak Sadighi

Overriding of Access Control in XACML

Most access control mechanisms focus on how to define the rights of users in a precise way to prevent any violation of the access control policy of an organization. However, in many cases it is hard to predefine all access needs, or even to express them in machine readable form. One example of such a situation is an emergency case which may not be predictable and would be hard to express as a machine readable condition. Discretionary overriding of access control is one way for handling such hard to define and unanticipated situations where availability is critical. The override mechanism gives the subject of the access control policy the possibility to override a denied decision, and if the subject should confirm the override, the access will be logged for special auditing. XACML, the extensible access control markup language, provides a standardized access control policy language for expressing access control policies. This paper introduces a discretionary overriding mechanism in XACML. We do so by means of XACML obligations and also define a general obligation combining mechanism.

Discretionary Overriding of Access Control in the Privilege Calculus

We extend a particular access control framework, the Privilege Calculus, with a possibility to override denied access for increased flexibility in hard to define or unanticipated situations. We require the overrides to be audited and approved by appropriate managers. In order to automatically find the authorities who are able to approve an override, we present an algorithm for authority resolution. We are able to calculate from the access control policy who can approve an override without the need for any additional information.

Secure communication for ad-hoc, federated groups

Ad-hoc federated groups are getting increasingly popular as means of addressing collaborative tasks that require information sharing. However, in some application scenarios, the security of the shared information is vital. Managing the communication security of such groups in an efficient way is a difficult task. This paper presents an architecture that enables secure communication for ad-hoc, cross-organisational groups. Our architecture covers group admission control, group key management and secure group communication. The groups in question are expected to be ad-hoc groups where the potential participants have no prior knowledge of each other and thus federation mechanisms need to be used to establish group admission rights. In order to handle group admission we use the SAML and XACML standards, for group key management we use the TGDH protocol. Our approach thus supports decentralised management of the most important tasks in secure group communication using an integrated approach based on established security standards. We have also produced a demo implementation to show the feasibility of our architecture. This research was pursued as part of the TrustDis project funded by the Swedish Governmental Agency for Innovation Systems (Vinnova).

Decentralized Access Control Management for Network Configuration

Configuration management is of great importance for network operators and service providers today. Sharing of resources between business parties with conflicting interests is a reality and raises many issues with respect to configuration management. One issue is access control to configuration data. A network operator or service provider needs appropriate tools, not only to control its networked resources, but also to specify how this control should be exercised. We propose an access control model for the IETF NETCONF network configuration protocol, based on the OASIS XACML access control standard, which allows a flexible and fine-grained control for NETCONF commands. Our approach does not require any additions to the NETCONF protocol and is independent of the configuration’s data-model. Furthermore our approach can easily be extended to cover new NETCONF functionality.

A classification of delegation schemes for attribute authority

Recently assertions have been explored as a generalisation of certificates within access control. Assertions are used to link arbitrary attributes (e.g. roles, security clearances) to arbitrary entities (e.g. users, resources). These attributes can then be used as identifiers in access control policies to refer to groups of users or resources. In many applications attribute management does not happen within the access control system. External entities manage attribute assignments and issue assertions that are then used in the access control system. Some approaches also allow for the delegation of attribute authority, in order to spread the administrative workload. In such systems the consumers of attribute assertions issued by a delegated authority need a delegation verification scheme. In this article we propose a classification for schemes that allow to verify delegated authority, with a focus on attribute assertion. Using our classification, one can deduce some advantages and drawbacks of different approaches to delegated attribute assertion.