TY - GEN
T1 - Position paper
T2 - 2016 ACM International Workshop on Attribute Based Access Control, ABAC 2016
AU - Rubio-Medrano, Carlos E.
AU - Lamp, Josephine
AU - Taguinod, Marthony
AU - Doupe, Adam
AU - Zhao, Ziming
AU - Ahn, Gail-Joon
N1 - Funding Information:
This work was partially supported by a grant from the National Science Foundation (NSF-SFS-1129561), by a grant from the Department of Energy (DE-SC0004308) and by a grant from the Center for Cybersecurity and Digital Forensics at Arizona State University.
Publisher Copyright:
© 2016 ACM.
PY - 2016/3/11
Y1 - 2016/3/11
N2 - In recent years, attribute-based access control has been recognized as a convenient way to specify access mediation policies that leverage attributes originating from different security domains, e.g., independently-run organizations or supporting platforms. However, this new paradigm, while allowing for enhanced flexibility and convenience, may also open the door to new kinds of attacks based on forging or impersonating attributes, thus potentially allowing for attackers to gain unintended access to protected resources. In order to alleviate this problem, we present an ongoing effort based on moving target defense, an emerging technique for proactively providing security measurements: we aim to analyze attribute-based data obtained at runtime in order to dynamically change policy configurations over time. We present our approach by leveraging a case study based in electronic health records, another trending methodology widely used in practice for mediating access to sensitive healthcare information in mission-critical applications.
KW - Attribute-based Access Control
KW - Electronic Health Records
KW - Moving Target Defense
KW - Policy Mutation
UR - http://www.scopus.com/inward/record.url?scp=84966642199&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84966642199&partnerID=8YFLogxK
U2 - 10.1145/2875491.2875499
DO - 10.1145/2875491.2875499
M3 - Conference contribution
AN - SCOPUS:84966642199
T3 - ABAC 2016 - Proceedings of the 2016 ACM International Workshop on Attribute Based Access Control, co-located with CODASPY 2016
SP - 68
EP - 71
BT - ABAC 2016 - Proceedings of the 2016 ACM International Workshop on Attribute Based Access Control, co-located with CODASPY 2016
PB - Association for Computing Machinery, Inc
Y2 - 11 March 2016
ER -