SecAuthAPI: an approach to support self-adaptive authorization infrastructures
Main author: | |
---|---|
Other authors: | |
Format: | Dissertation |
Language: | por |
Published in: | Brasil |
Subjects: | |
Item address: | https://repositorio.ufrn.br/jspui/handle/123456789/26368 |
Abstract: | Access control mechanisms have been used in information systems to restrict access to sensitive information. Such mechanisms are able to deal with external agent threats, but they are ineffective when considering attacks involving internal users. Static access control policies are unable to deal with the anomalous behavior of malicious users who abuse their permissions. Self-adaptive systems have been shown to be a possible response to this situation, since they are able to analyze themselves and the environment in which they are deployed, modifying themselves under varied and unpredictable conditions. In this context, access control policies could be dynamically modified, based on the behaviour of users, to deal with malicious users. However, self-adaptation requires a set of well-defined operations that can be used in the definition of adaptation plans. In this sense, this work proposes SecAuthAPI, an approach to support self-adaptive authorization infrastructures based on ABAC (Attribute-Based Access Control). The operations are based on a formal functional specification of the ABAC model and aim to enable the dynamic adaptation of access control policies. Considering the application of this approach in a real system, this work also proposes and implements the externalization of authorization mechanisms for the SUAP system, developed and used at IFRN, with the intention of decoupling the access control concern from the business logic of the application. SecAuthAPI operations were evaluated through a series of unit tests that attest to their adherence to the formal functional specification, while the separation of access control from SUAP had its performance evaluated and compared to the legacy approach. The results show that, although it has an additional computational cost, the impact on application performance is negligible. In addition, our solution is highly feasible in view of the benefits brought by decoupling the access control concern from the source code of the application. |
---|