Position paper: Towards a moving target defense approach for attribute-based access control

Carlos E. Rubio-Medrano, Josephine Lamp, Marthony Taguinod, Adam Doupe, Ziming Zhao, Gail-Joon Ahn

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

In recent years, attribute-based access control has been recognized as a convenient way to specify access mediation policies that leverage attributes originating from different security domains, e.g., independently-run organizations or supporting platforms. However, this new paradigm, while allowing for enhanced flexibility and convenience, may also open the door to new kinds of attacks based on forging or impersonating attributes, thus potentially allowing for attackers to gain unintended access to protected resources. In order to alleviate this problem, we present an ongoing effort based on moving target defense, an emerging technique for proactively providing security measurements: we aim to analyze attribute-based data obtained at runtime in order to dynamically change policy configurations over time. We present our approach by leveraging a case study based in electronic health records, another trending methodology widely used in practice for mediating access to sensitive healthcare information in mission-critical applications.

Original language: English (US)
Title of host publication: ABAC 2016 - Proceedings of the 2016 ACM International Workshop on Attribute Based Access Control, co-located with CODASPY 2016
Publisher: Association for Computing Machinery, Inc
Pages: 68-71
Number of pages: 4
ISBN (Print): 9781450340793
DOIs: https://doi.org/10.1145/2875491.2875499
State: Published - Mar 11 2016
Event: 2016 ACM International Workshop on Attribute Based Access Control, ABAC 2016 - New Orleans, United States
Duration: Mar 11 2016 → …

Other

Other: 2016 ACM International Workshop on Attribute Based Access Control, ABAC 2016
Country: United States
City: New Orleans
Period: 3/11/16 → …

Fingerprint

Forging
Access control
Health

Keywords

  • Attribute-based Access Control
  • Electronic Health Records
  • Moving Target Defense
  • Policy Mutation

ASJC Scopus subject areas

  • Computer Science Applications
  • Information Systems
  • Software

Cite this

Rubio-Medrano, C. E., Lamp, J., Taguinod, M., Doupe, A., Zhao, Z., & Ahn, G-J. (2016). Position paper: Towards a moving target defense approach for attribute-based access control. In ABAC 2016 - Proceedings of the 2016 ACM International Workshop on Attribute Based Access Control, co-located with CODASPY 2016 (pp. 68-71). Association for Computing Machinery, Inc. https://doi.org/10.1145/2875491.2875499

@inproceedings{e1e0c97cc66c4a9d910d8ce12611abfa,
title = "Position paper: Towards a moving target defense approach for attribute-based access control",
abstract = "In recent years, attribute-based access control has been recognized as a convenient way to specify access mediation policies that leverage attributes originating from different security domains, e.g., independently-run organizations or supporting platforms. However, this new paradigm, while allowing for enhanced flexibility and convenience, may also open the door to new kinds of attacks based on forging or impersonating attributes, thus potentially allowing for attackers to gain unintended access to protected resources. In order to alleviate this problem, we present an ongoing effort based on moving target defense, an emerging technique for proactively providing security measurements: we aim to analyze attribute-based data obtained at runtime in order to dynamically change policy configurations over time. We present our approach by leveraging a case study based in electronic health records, another trending methodology widely used in practice for mediating access to sensitive healthcare information in mission-critical applications.",
keywords = "Attribute-based Access Control, Electronic Health Records, Moving Target Defense, Policy Mutation",
author = "Rubio-Medrano, {Carlos E.} and Josephine Lamp and Marthony Taguinod and Adam Doupe and Ziming Zhao and Gail-Joon Ahn",
year = "2016",
month = "3",
day = "11",
doi = "10.1145/2875491.2875499",
language = "English (US)",
isbn = "9781450340793",
pages = "68--71",
booktitle = "ABAC 2016 - Proceedings of the 2016 ACM International Workshop on Attribute Based Access Control, co-located with CODASPY 2016",
publisher = "Association for Computing Machinery, Inc",

}

TY - GEN

T1 - Position paper

T2 - Towards a moving target defense approach for attribute-based access control

AU - Rubio-Medrano, Carlos E.

AU - Lamp, Josephine

AU - Taguinod, Marthony

AU - Doupe, Adam

AU - Zhao, Ziming

AU - Ahn, Gail-Joon

PY - 2016/3/11

Y1 - 2016/3/11

AB - In recent years, attribute-based access control has been recognized as a convenient way to specify access mediation policies that leverage attributes originating from different security domains, e.g., independently-run organizations or supporting platforms. However, this new paradigm, while allowing for enhanced flexibility and convenience, may also open the door to new kinds of attacks based on forging or impersonating attributes, thus potentially allowing for attackers to gain unintended access to protected resources. In order to alleviate this problem, we present an ongoing effort based on moving target defense, an emerging technique for proactively providing security measurements: we aim to analyze attribute-based data obtained at runtime in order to dynamically change policy configurations over time. We present our approach by leveraging a case study based in electronic health records, another trending methodology widely used in practice for mediating access to sensitive healthcare information in mission-critical applications.

KW - Attribute-based Access Control

KW - Electronic Health Records

KW - Moving Target Defense

KW - Policy Mutation

UR - http://www.scopus.com/inward/record.url?scp=84966642199&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84966642199&partnerID=8YFLogxK

U2 - 10.1145/2875491.2875499

DO - 10.1145/2875491.2875499

M3 - Conference contribution

SN - 9781450340793

SP - 68

EP - 71

BT - ABAC 2016 - Proceedings of the 2016 ACM International Workshop on Attribute Based Access Control, co-located with CODASPY 2016

PB - Association for Computing Machinery, Inc

ER -