Self-adaptive federated authorization infrastructures

Authorization infrastructures are an integral part of any network where resources need to be protected. As networks expand and organizations start to federate access to their resources, authorization infrastructures become increasingly difficult to manage. In this paper, we explore the automatic ada...

Full description

Saved in:
Bibliographic Details
Published inJournal of computer and system sciences Vol. 80; no. 5; pp. 935 - 952
Main Authors Bailey, Christopher, Chadwick, David W., de Lemos, Rogério
Format Journal Article
LanguageEnglish
Published Elsevier Inc 01.08.2014
Subjects
ABAC
Adaptation
Authorization
Autonomic security
Computer simulation
Control systems
Federations
Identity management
Infrastructure
Monitors
Networks
PERMIS
Policies
Policy management
RBAC
SAML
Self-adaptation
Authorization
Self-adaptation
RBAC
Autonomic security
SAML
PERMIS
Policy management
ABAC
Identity management
Online AccessGet full text

Cover

More Information
Summary:Authorization infrastructures are an integral part of any network where resources need to be protected. As networks expand and organizations start to federate access to their resources, authorization infrastructures become increasingly difficult to manage. In this paper, we explore the automatic adaptation of authorization assets (policies and subject access rights) in order to manage federated authorization infrastructures. We demonstrate adaptation through a Self-Adaptive Authorization Framework (SAAF) controller that is capable of managing policy based federated role/attribute access control authorization infrastructures. The SAAF controller implements a feedback loop to monitor the authorization infrastructure in terms of authorization assets and subject behavior, analyze potential adaptations for handling malicious behavior, and act upon authorization assets to control future authorization decisions. We evaluate a prototype of the SAAF controller by simulating malicious behavior within a deployed federated authorization infrastructure (federation), demonstrating the escalation of adaptation, along with a comparison of SAAF to current technology. •Definition and design of a self-adaptive authorization infrastructure.•Utilizes an autonomic controller implementing a MAPE-K feedback loop.•Identifies and responds to malicious user behavior.•Demonstrates the active adaptation of user credentials and authorization policies.•Implemented in a SAML federation using PERMIS authorization policies.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 23
ISSN:0022-0000
1090-2724
DOI:10.1016/j.jcss.2014.02.003