TY - GEN
T1 - Proactive risk assessment for preventing attribute-forgery attacks to ABAC policies
AU - Rubio-Medrano, Carlos E.
AU - Claramunt, Luis
AU - Jogani, Shaishavkumar
AU - Ahn, Gail Joon
N1 - Funding Information:
This work was partially supported by grants from the National Science Foundation (NSF-ACI-1642031, NSF-IIS-1527268) and by a grant from the Center for Cybersecurity and Digital Forensics at Arizona State University.
Publisher Copyright:
© 2020 ACM.
PY - 2020/6/10
Y1 - 2020/6/10
N2 - Recently, the use of well-defined, security-relevant pieces of runtime information, a.k.a., attributes, has emerged as a convenient paradigm for writing, enforcing, and maintaining authorization policies, allowing for extended flexibility and convenience. However, attackers may try to bypass such policies, along with their enforcement mechanisms, by maliciously forging the attributes listed on them, e.g., by compromising the attribute sources: operative systems, software modules, remote services, etc., thus gaining unintended access to protected resources as a result. In such a context, performing a proper risk assessment of authorization policies, taking into account their inner structure: rules, attributes, combining algorithms, etc., along with their corresponding sources, becomes highly convenient to overcome zero-day vulnerabilities, before they can be later exploited by attackers. With this in mind, we introduce \toolname, an automated risk assessment framework for authorization policies, which, besides being inspired by well-established techniques for vulnerability analysis such as symbolic execution, also introduces the very first approach for proactively assessing risks in the context of a series of attacks based on unintended attribute manipulation via forgery. We validate our approach by resorting to a set of case studies we performed on both real-life policies originally written in the English language, as well as a set of policies obtained from the literature, which show not only the convenience of our approach for risk assessment, but also reveal that some of those policies are vulnerable to attribute-forgery attacks by just compromising one or two of their attributes.
KW - Attribute-based access control
KW - Policy bypassing
KW - Risk management, attribute forgery
KW - Zero-day vulnerabilities
UR - http://www.scopus.com/inward/record.url?scp=85086825843&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85086825843&partnerID=8YFLogxK
U2 - 10.1145/3381991.3395615
DO - 10.1145/3381991.3395615
M3 - Conference contribution
AN - SCOPUS:85086825843
T3 - Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT
SP - 131
EP - 144
BT - SACMAT 2020 - Proceedings of the 25th ACM Symposium on Access Control Models and Technologies
PB - Association for Computing Machinery
T2 - 25th ACM Symposium on Access Control Models and Technologies, SACMAT 2020
Y2 - 10 June 2020 through 12 June 2020
ER -