Automated Fault Localization of Access Control Policies

Title:    Automated Fault Localization of Access Control Policies

Abstract:     Access control is a fundamental mechanism for regulating access to resources in computer and information systems. The increasing complexity of modern access control policies not only elevates the likelihood of having security faults, but also calls for effective techniques for fault diagnosis. This talk will present an approach to automated fault localization of access control policies, especially written in the industry standard language XACML. The approach provides various scoring methods for ranking suspicious policy elements in order to localize faults. To evaluate the approach, our experiments have used a large number of faulty versions of XACML policies with different levels of complexity. The experiment results show that two of the scoring methods are highly accurate - they only require examination of a few policy elements to localize the fault in each faulty policy, even for complex policies with a large number of rules.

时间:2016年6月16日下午3点

地点:信息楼322

主讲人:徐殿祥

讲员简介: 徐殿祥博士现任美国Boise State University计算机科学系教授及研究生负责人。毕业于南京大学计算机科学与技术系,先后获学士,硕士及博士学位。自1999年起在美国多所大学从事研究教学工作。研究领域包括软件安全,软件工程,软件定义的网络,形式化方法等。承担过许多美国国家基金、美国航空航天局,美国国家健康研究院,及三星公司项目。在国际期刊和会议上发表论文100余篇。参与组织多个国际会议。在2012-2016年期间担任IEEE计算机软件及应用国际会议(COMPSAC)安全相关的专题主席。徐殿祥博士是IEEE 高级会员,国际期刊International Journal of Performability Engineering主编。

分类