Quantitative Assessment of Access Control in Complex Distributed Systems
Investigators: David Nicol and William Sanders
The technical merit of the proposal lies in bringing the mathematical science of importance sampling to bear on critical problems in network security. The work is important because the existing tools for validating access control configurations are inadequate for large systems composed of multiple interacting access control mechanisms. Our work will provide a basis for assessing how well a system meets global policy objectives, and for comparing different configurations to determine which better meets those objectives. In addition, the sampling approach provides a mathematical basis for assessing the resiliency of a system’s access control mechanisms to intrusions that create connections that bypass its intent. The immediate impact will be an increased “in the field” capability to assess a system’s access control posture and its resilience to intrusion. The long-term impact is in providing a first basis for an engineering science of access control.
Hard Problem Addressed
- Security-Metrics-Driven Evaluation, Design, Development and Deployment
- David Nicol and Vikas Mallapura, “Modeling and Analysis of Stepping Stone Attacks,” 2014 Winter Simulation Conference, Savannah, GA, December 7-10, 2014.