Mell Peter, Shook James, Harang Richard, Gavrila Serban
National Institute of Standards and Technology, 100 Bureau Drive, Gaithersburg, MD 20899.
U.S. Army Research Laboratory, Adelphi, MD United States.
J Wirel Mob Netw Ubiquitous Comput Dependable Appl. 2017 Mar;8(1):4-25.
An important way to limit malicious insiders from distributing sensitive information is to limit their access to information as tightly as possible. This has always been the goal of access control mechanisms, but individual approaches have been shown to be inadequate. Ensemble approaches of multiple methods instantiated simultaneously have been shown to more tightly restrict access, but approaches to do so have had limited scalability (resulting in exponential calculations in some cases). In this work, we take the Next Generation Access Control (NGAC) approach standardized by the American National Standards Institute (ANSI) and demonstrate its scalability. The existing publicly available reference implementations all use cubic algorithms, and thus NGAC was widely viewed as not scalable. The primary NGAC reference implementation took, for example, several minutes simply to display the set of files accessible to a user on a moderately sized system. In our approach, we take these cubic algorithms and make them linear. We do this by reformulating the set-theoretic approach of the NGAC standard into a graph-theoretic approach and then applying standard graph algorithms. We thus can answer important access control decision questions (e.g., which files are available to a user and which users can access a file) using linear-time graph algorithms. We also provide a default linear-time mechanism to visualize and review user access rights for an ensemble of access control mechanisms. Our visualization appears to be a simple file directory hierarchy, but in reality it is an automatically generated structure abstracted from the underlying access control graph that works with any set of simultaneously instantiated access control policies. It also provides an implicit mechanism for symbolic linking that provides a powerful access capability. Our work thus provides the first efficient implementation of NGAC while enabling user privilege review through a novel visualization approach. This may help transition from concept to reality the idea of using ensembles of simultaneously instantiated access control methodologies, thereby limiting insider threat.
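To make the graph-theoretic reformulation concrete, the following is an added example (not code from the paper or from any NGAC reference implementation) that models a small NGAC-style policy graph and answers the two decision questions named above, "which objects can this user reach" and "which users can access this object", by breadth-first reachability. The element types, the toy policy (two policy classes, an RBAC-like one and a project one), the node names and the helper functions are all constructed for illustration; the per-association traversals are written for readability and are not the paper's linear-time algorithm. The decision rule applied is the usual NGAC one: an operation is granted only if every policy class containing the object grants it through some association whose user attribute contains the user and whose object attribute contains the object.

```python
from collections import defaultdict, deque

# Constructed toy policy graph (assumption: a simplified NGAC model).
# KINDS records each node's element type:
#   U = user, UA = user attribute, O = object, OA = object attribute, PC = policy class
KINDS = {
    "alice": "U", "bob": "U",
    "Engineers": "UA", "Staff": "UA", "ProjX-Members": "UA",
    "spec.doc": "O", "budget.xls": "O",
    "Eng-Docs": "OA", "Finance": "OA", "ProjX-Files": "OA",
    "RBAC": "PC", "Project": "PC",
}

# Assignment edges, child -> parent (containment); together they form a DAG.
ASSIGNMENTS = [
    ("alice", "Engineers"), ("alice", "ProjX-Members"),
    ("bob", "Staff"), ("bob", "ProjX-Members"),
    ("Engineers", "RBAC"), ("Staff", "RBAC"), ("ProjX-Members", "Project"),
    ("spec.doc", "Eng-Docs"), ("spec.doc", "ProjX-Files"),
    ("budget.xls", "Finance"), ("budget.xls", "ProjX-Files"),
    ("Eng-Docs", "RBAC"), ("Finance", "RBAC"), ("ProjX-Files", "Project"),
]

# Associations: (user attribute, set of operations, object attribute).
ASSOCIATIONS = [
    ("Engineers", {"read", "write"}, "Eng-Docs"),
    ("Staff", {"read"}, "Finance"),
    ("ProjX-Members", {"read", "write"}, "ProjX-Files"),
]


def build_adjacency(assignments):
    """Return (up, down) adjacency lists: up follows containment, down reverses it."""
    up, down = defaultdict(list), defaultdict(list)
    for child, parent in assignments:
        up[child].append(parent)
        down[parent].append(child)
    return up, down


def reachable(start, adj):
    """BFS over adj; returns every node reachable from start, including start."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in adj[node]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def policy_classes(node, up, kinds):
    """Policy classes that contain node (ancestors of type PC)."""
    return {n for n in reachable(node, up) if kinds[n] == "PC"}


def accessible_objects(user, kinds, assignments, associations):
    """Map every object to the set of operations `user` holds on it."""
    up, down = build_adjacency(assignments)
    user_attrs = reachable(user, up)  # every UA (and PC) containing the user
    # grants[obj][pc] accumulates operations granted on obj under policy class pc
    grants = defaultdict(lambda: defaultdict(set))
    for ua, ops, oa in associations:
        if ua not in user_attrs:
            continue
        oa_pcs = policy_classes(oa, up, kinds)
        for node in reachable(oa, down):  # objects contained in the OA
            if kinds[node] == "O":
                for pc in oa_pcs:
                    grants[node][pc] |= ops
    result = {}
    for obj in (n for n, k in kinds.items() if k == "O"):
        rights = None
        # Every policy class containing the object must grant the operation.
        for pc in policy_classes(obj, up, kinds):
            granted = grants[obj].get(pc, set())
            rights = set(granted) if rights is None else rights & granted
        result[obj] = rights or set()
    return result


def users_with_access(obj, op, kinds, assignments, associations):
    """Privilege review in the other direction: which users hold op on obj."""
    return sorted(
        u for u, k in kinds.items() if k == "U"
        and op in accessible_objects(u, kinds, assignments, associations).get(obj, set())
    )


if __name__ == "__main__":
    for user in ("alice", "bob"):
        print(user, accessible_objects(user, KINDS, ASSIGNMENTS, ASSOCIATIONS))
    print("readers of budget.xls:", users_with_access("budget.xls", "read", KINDS, ASSIGNMENTS, ASSOCIATIONS))
```

In the constructed policy, alice is an engineer and a project member, so both policy classes grant her access to spec.doc, but the RBAC class grants her nothing on budget.xls and the intersection leaves her with no rights there; bob, being Staff and a project member, can read budget.xls but not spec.doc. This is the ensemble effect the abstract describes: each simultaneously instantiated policy can only narrow what the others allow.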