Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers

Research Article

Generation of Transmission Control Rules Compliant with Existing Access Control Policies

Download
168 downloads
  • @INPROCEEDINGS{10.1007/978-3-319-28865-9_24,
        author={Yoann Bertrand and Mireille Blay-Fornarino and Karima Boudaoud and Michel Riveill},
        title={Generation of Transmission Control Rules Compliant with Existing Access Control Policies},
        proceedings={Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers},
        proceedings_a={SECURECOMM},
        year={2016},
        month={2},
        keywords={Security Access Control Security policies Transmission Control Transmission security Data Loss Prevention Data Leak Prevention Data leakage},
        doi={10.1007/978-3-319-28865-9_24}
    }
    
  • Yoann Bertrand
    Mireille Blay-Fornarino
    Karima Boudaoud
    Michel Riveill
    Year: 2016
    Generation of Transmission Control Rules Compliant with Existing Access Control Policies
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-28865-9_24
Yoann Bertrand1,*, Mireille Blay-Fornarino1,*, Karima Boudaoud1,*, Michel Riveill1,*
  • 1: University of Nice Sophia Antipolis, CNRS, I3S, UMR 7271
*Contact email: bertrand@i3s.unice.fr, blay@i3s.unice.fr, boudaoud@i3s.unice.fr, riveill@i3s.unice.fr

Abstract

Access Control (AC) is a well known mechanism that allows access restriction to resources. Nevertheless, it does not provide notification when a resource is retransmitted to an unauthorized third party. To overcome this issue, one can use mechanisms such as Data Loss/Leak Prevention (DLP) or Transmission Control (TC). These mechanisms are based on policies that are defined by security experts. Unfortunately, these policies can contradict existing AC rules, leading to security leakage (i.e. a legitimate user is allowed to send a resource to someone who has no access rights in the AC).