Skip to main content
SpringerLink
Log in
Book cover

Engineering Adaptive Software Systems pp 57–94Cite as

Challenges in Engineering Self-Adaptive Authorisation Infrastructures

  • Chapter
  • First Online:

Abstract

As organisations expand and interconnect, authorisation infrastructures become increasingly difficult to manage. Several solutions have been proposed, including self-adaptive authorisation, where the access control policies are dynamically adapted at run-time to respond to misuse and malicious behaviour. The ultimate goal of self-adaptive authorisation is to reduce human intervention, make authorisation infrastructures more responsive to malicious behaviour, and manage access control in a more cost-effective way. In this chapter, we scope and define the emerging area of self-adaptive authorisation by describing some of its developments, trends, and challenges. For that, we start by identifying key concepts related to access control and authorisation infrastructures and provide a brief introduction to self-adaptive software systems, which provides the foundation for investigating how self-adaptation can enable the enforcement of authorisation policies. The outcome of this study is the identification of several technical challenges related to self-adaptive authorisation, which are classified according to the different stages of a feedback control loop.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD   109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    Also referred to as the self-adaptive layer.

References

  1. Axiomatics: Axiomatics policy server [Online], Available from: https://www.axiomatics.com/axiomatics-policy-server.html. Accessed 17 Jan 2014

  2. Bailey, C.M.: Self-adaptive Authorisation Infrastructures. Ph.D. thesis, University of Kent (2015)

    Google Scholar 

  3. Bailey, C., Chadwick, D.W., de Lemos, R.: Self-adaptive authorization framework for policy based RBAC/ABAC models. In: Proceedings of the 2011 IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing, DASC ’11, pp. 37–44. IEEE Computer Society, Washington, DC (2011). https://doi.org/10.1109/DASC.2011.31

  4. Bailey, C., Chadwick, D.W., de Lemos, R.: Self-adaptive federated authorization infrastructures. J. Comput. Syst. Sci. 80(5), 935–952 (2014). http://www.sciencedirect.com/science/article/pii/S0022000014000154, Special Issue on Dependable and Secure Computing the 9th {IEEE} International Conference on Dependable, Autonomic and Secure Computing

  5. Bailey, C., Montrieux, L., de Lemos, R., Yu, Y., Wermelinger, M.: Run-time generation, transformation, and verification of access control models for self-protection. In: Proceedings of the 9th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, SEAMS 2014, pp. 135–144. ACM, New York (2014). https://doi.org/10.1145/2593929.2593945

  6. BBC: Credit card details on 20 million South Koreans stolen [Online] (Jan 2014), Available from: http://www.bbc.co.uk/news/technology-25808189. Accessed 5 Jan 2014

  7. Benantar, M.: Access Control Systems: Security, Identity Management and Trust Models. Springer, New York (2005)

    MATH  Google Scholar 

  8. Bistarelli, S., Martinelli, F., Santini, F.: A formal framework for trust policy negotiation in autonomic systems: abduction with soft constraints. In: Proceedings of the 7th International Conference on Autonomic and Trusted Computing, ATC’10, vol. 6407, pp. 268–282. Springer, Berlin/Heidelberg (2010). http://dl.acm.org/citation.cfm?id=1927943.1927968

    Google Scholar 

  9. Booth, R., Brooke, H., Moriss, S.: WikiLeaks cables: Bradley Manning faces 52 years in jail [Online] (30 Nov 2010), Available from: http://www.theguardian.com/world/2010/nov/30/wikileaks-cables-bradley-manning. Accessed 5 Jan 2014

    Google Scholar 

  10. Brun, Y., Marzo Serugendo, G., Gacek, C., Giese, H., Kienle, H., Litoiu, M., Müller, H., Pezzè, M., Shaw, M.: Software engineering for self-adaptive systems. Engineering Self-Adaptive Systems Through Feedback Loops, pp. 48–70. Springer, Berlin/Heidelberg (2009). https://doi.org/10.1007/978-3-642-02161-9_3

    Chapter  Google Scholar 

  11. Cappelli, D.M., Moore, A.P., Trzeciak, R.F.: The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes, 1st edn. Addison-Wesley Professional, Upper Saddle River (2012)

    Google Scholar 

  12. Caputo, D., Maloof, M., Stephens, G.: Detecting insider theft of trade secrets. IEEE Secur. Priv. 7(6), 14–21 (2009). https://doi.org/10.1109/MSP.2009.110

    Article  Google Scholar 

  13. Chadwick, D.W., Otenko, A.: The PERMIS X.509 role based privilege management infrastructure. In: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies, SACMAT ’02, pp. 135–140. ACM, New York (2002). https://doi.org/10.1145/507711.507732

  14. Chadwick, D.W., Zhao, G., Otenko, S., Laborde, R., Su, L., Nguyen, T.A.: PERMIS: a modular authorization infrastructure. Concurr. Comput. Pract. Exp. 20(11), 1341–1357 (2008). https://doi.org/10.1002/cpe.v20:11

    Article  Google Scholar 

  15. Demchenko, Y., Gommans, L., Laat, C.: Extending role based access control model for distributed multidomain applications. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., Solms, R. (eds.) New Approaches for Security, Privacy and Trust in Complex Environments, IFIP International Federation for Information Processing, vol. 232, pp. 301–312. Springer (2007). https://doi.org/10.1007/978-0-387-72367-9_26

    Chapter  Google Scholar 

  16. de Lemos, R., Potena, P.: Chapter 14 – identifying and handling uncertainties in the feedback control loop. In: Mistrik, I., Ali, N., Kazman, R., Grundy, J., Schmerl, B. (eds.) Managing Trade-Offs in Adaptable Software Architectures. Morgan Kaufmann, pp. 353–367 (2017). ISBN 9780128028551, https://doi.org/10.1016/B978-0-12-802855-1.00014-9

    Chapter  Google Scholar 

  17. de Lemos, R., Giese, H., Müller, H., Shaw, M., Andersson, J., Litoiu, M., Schmerl, B., Tamura, G., Villegas, N., Vogel, T., Weyns, D., Baresi, L., Becker, B., Bencomo, N., Brun, Y., Cukic, B., Desmarais, R., Dustdar, S., Engels, G., Geihs, K., Göschka, K., Gorla, A., Grassi, V., Inverardi, P., Karsai, G., Kramer, J., Lopes, A., Magee, J., Malek, S., Mankovskii, S., Mirandola, R., Mylopoulos, J., Nierstrasz, O., Pezzè, M., Prehofer, C., Schäfer, W., Schlichting, R., Smith, D., Sousa, J., Tahvildari, L., Wong, K., Wuttke, J.: Software engineering for self-adaptive systems: a second research roadmap. In: de Lemos, R., Giese, H., Müller, H., Shaw, M. (eds.) Software Engineering for Self-Adaptive Systems II. Lecture Notes in Computer Science, vol. 7475, pp. 1–32. Springer, Berlin/Heidelberg (2013). https://doi.org/10.1007/978-3-642-35813-5_1

    Chapter  Google Scholar 

  18. Dobson, S., Denazis, S., Fernández, A., Gaïti, D., Gelenbe, E., Massacci, F., Nixon, P., Saffre, F., Schmidt, N., Zambonelli, F.: A survey of autonomic communications. ACM Trans. Auton. Adapt. Syst. 1(2), 223–259 (2006). https://doi.org/10.1145/1186778.1186782

    Article  Google Scholar 

  19. Garlan, D., Cheng, S.W., Huang, A.C., Schmerl, B., Steenkiste, P.: Rainbow: architecture-based self-adaptation with reusable infrastructure. Computer 37(10), 46–54 (2004). https://doi.org/10.1109/MC.2004.175

    Article  Google Scholar 

  20. Hellerstein, J.L., Diao, Y., Parekh, S., Tilbury, D.M.: Feedback Control of Computing Systems. Wiley, New York (2004)

    Book  Google Scholar 

  21. Hu, V.C., Kuhn, D.R., Xie, T., Hwang, J.: Model checking for verification of mandatory access control models and properties. Int. J. Softw. Eng. Knowl. Eng. 21(01), 103–127 (2011)

    Article  Google Scholar 

  22. Hu, V.C., Schnitzer, A., Sandlin, K., Scarfone, K.: Guide to Attribute Based Access Control (ABAC) Definition and Considerations. NIST Special Publication (2013)

    Google Scholar 

  23. IBM: IBM Security Intelligence with Big Data [Online], Available from: http://www-03.ibm.com/security/solution/intelligence-big-data/. Accessed 20 July 2014

  24. ITU-T Rec. X.509: The Directory: Authentication Framework. ISO/IEC 9594-8 (2000)

    Google Scholar 

  25. Janicke, H., Cau, A., Siewe, F., Zedan, H.: Dynamic access control policies. Comput. J. 56(4), 440–463 (2013). https://doi.org/10.1093/comjnl/bxs102

    Article  Google Scholar 

  26. Kalam, A.A.E., Benferhat, S., Miège, A., Baida, R.E., Cuppens, F., Saurel, C., Balbiani, P., Deswarte, Y., Trouessin, G.: Organization based access control. In: Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY ’03, pp. 120–131. IEEE Computer Society (2003). http://dl.acm.org/citation.cfm?id=826036.826869

  27. Kephart, J.O., Chess, D.M.: The vision of autonomic computing. Computer 36(1), 41–50 (2003). https://doi.org/10.1109/MC.2003.1160055

    Article  MathSciNet  Google Scholar 

  28. Koutsonikola, V., Vakali, A.: LDAP: framework, practices, and trends. IEEE Internet Comput. 8(5), 66–72 (2004). https://doi.org/10.1109/MIC.2004.44

    Article  Google Scholar 

  29. Kramer, J., Magee, J.: Self-managed systems: an architectural challenge. In: 2007 Future of Software Engineering, FOSE ’07, pp. 259–268. IEEE Computer Society, Washington, DC (2007). https://doi.org/10.1109/FOSE.2007.19

  30. Lopez, J., Oppliger, R., Pernul, G.: Authentication and authorization infrastructures (AAIS): a comparative survey. Comput. Secur. 23(7), 578–590 (2004). https://doi.org/10.1016/j.cose.2004.06.013

    Article  Google Scholar 

  31. McGraw, R.: Risk-adaptable access control (RADac). Technical report, National Institute of Standards and Technology (NIST) (2009)

    Google Scholar 

  32. Moore, A.P., Hanley, M., Mundie, D.: A pattern for increased monitoring for intellectual property theft by departing insiders. Technical report, CMU/SEI-2012-TR-008, Software Engineering Institute, Carnegie Mellon University, Pittsburgh (2012)

    Google Scholar 

  33. Morgan, R.L., Cantor, S., Carmody, S., Hoehn, W., Klingenstein, K.: Federated security: the Shibboleth approach. EDUCAUSE Q. 27(4), 12–17 (2004). http://www.eric.ed.gov/ERICWebPortal/detail?accno=EJ854029

    Google Scholar 

  34. Mu, C., Li, Y.: An intrusion response decision-making model based on hierarchical task network planning. Expert Syst. Appl. 37(3), 2465–2472 (2010)

    Article  Google Scholar 

  35. NIST: INCITS 359-2004 – Role Based Access Control (2004)

    Google Scholar 

  36. Nurse, J.R., Buckley, O., Legg, P.A., Goldsmith, M., Creese, S., Wright, G.R., Whitty, M.: Understanding insider threat: a framework for characterising attacks. In: Workshop on Research for Insider Threat (WRIT) Held as Part of the IEEE Computer Society Security and Privacy Workshops (SPW14), in conjunction with the IEEE Symposium on Security and Privacy (SP), pp. 214–228. IEEE (2014). http://www.sei.cmu.edu/community/writ2014/

  37. OASIS: Security Assertion Markup Language (SAML) Version 2.0 (2005)

    Google Scholar 

  38. OASIS: eXtensible Access Control Markup Language (XACML) v3.0 (2013)

    Google Scholar 

  39. O’Conner, A.C., Loomis, R.J.: 2010 economic analysis of role-based access control. Technical report, RTI International, NIST (2010)

    Google Scholar 

  40. Oltsik, J.: The 2013 Vormetric insider threat report [Online] (2013), Available from: http://www.vormetric.com/sites/default/files/vormetric-insider-threat-report-oct-2013.pdf. Accessed 12 June 2014

    Google Scholar 

  41. Oreizy, P., Gorlick, M.M., Taylor, R.N., Heimbigner, D., Johnson, G., Medvidovic, N., Quilici, A., Rosenblum, D.S., Wolf, A.L.: An architecture-based approach to self-adaptive software. IEEE Intell. Syst. 14(3), 54–62 (1999). https://doi.org/10.1109/5254.769885

    Article  Google Scholar 

  42. Park, J., Sandhu, R.: The UCONABC usage control model. ACM Trans. Inf. Syst. Secur. 7(1), 128–174 (2004). https://doi.org/10.1145/984334.984339

    Article  Google Scholar 

  43. Pashalidis, A., Mitchell, C.J.: A taxonomy of single sign-on systems. In: Proceedings of the 8th Australasian Conference on Information Security and Privacy, ACISP’03, pp. 249–264. Springer, Berlin/Heidelberg (2003). http://dl.acm.org/citation.cfm?id=1760479.1760507

    Chapter  Google Scholar 

  44. Pasquale, L., Menghi, C., Salehie, M., Cavallaro, L., Omoronyia, I., Nuseibeh, B.: Securitas: a tool for engineering adaptive security. In: Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering, FSE ’12, pp. 19:1–19:4. ACM, New York (2012). https://doi.org/10.1145/2393596.2393618

  45. Pearlman, L., Welch, V., Foster, I., Kesselman, C., Tuecke, S.: A community authorization service for group collaboration. In: Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY’02), pp. 50–59. IEEE Computer Society, Washington, DC (2002). http://dl.acm.org/citation.cfm?id=863632.883495

  46. PERMIS Standalone Authorisation Server: [Online], Available from: http://sec.cs.kent.ac.uk/permis/. Accessed 5 Jan 2014

  47. Ratha, N.K., Bolle, R.M., Pandit, V.D., Vaish, V.: Robust fingerprint authentication using local structural similarity. In: Fifth IEEE Workshop on Applications of Computer Vision, 2000, pp. 29–34. IEEE (2000). http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.19.8588&rep=rep1&type=pdf

  48. Serrano, M., Meer, S., Strassner, J., Paoli, S., Kerr, A., Storni, C.: Trust and reputation policy-based mechanisms for self-protection in autonomic communications. In: Proceedings of the 6th International Conference on Autonomic and Trusted Computing, ATC ’09, pp. 249–267. Springer, Berlin/Heidelberg (2009). https://doi.org/10.1007/978-3-642-02704-8_19

    Google Scholar 

  49. SimpleSAMLphp: [Online], Available from: http://simplesamlphp.org/. Accessed 5 Jan 2014

  50. Spitzner, L.: Honeypots: catching the insider threat. In: Proceedings of the 19th Annual Computer Security Applications Conference, pp. 170–179. IEEE (2003)

    Google Scholar 

  51. Stakhanova, N., Basu, S., Wong, J.: A cost-sensitive model for preemptive intrusion response systems. In: AINA. vol. 7, pp. 428–435 (2007)

    Google Scholar 

  52. Strasburg, C., Stakhanova, N., Basu, S., Wong, J.S.: A framework for cost sensitive assessment of intrusion response selection. In: Proceedings of the 2009 33rd Annual IEEE International Computer Software and Applications Conference, COMPSAC ’09, vol. 01, pp. 355–360. IEEE Computer Society, Washington, DC (2009). https://doi.org/10.1109/COMPSAC.2009.54

  53. Thompson, M., Johnston, W., Mudumbai, S., Hoo, G., Jackson, K., Essiari, A.: Certificate-based access control for widely distributed resources. In: Proceedings of the 8th Conference on USENIX Security Symposium, SSYM’99, pp. 17–30. USENIX Association, Berkeley (1999). http://dl.acm.org/citation.cfm?id=1251421.1251438

  54. Walsh, C.: New data theft scandal rocks subcontinent’s call centres [Online] (3 Sept 2006), Available from: http://www.theguardian.com/money/2006/sep/03/business.india. Accessed 5 Jan 2014

    Google Scholar 

  55. Weyns, D.: Software engineering of self-adaptive systems: an organised tour and future challenges. In: Cha, S., Taylor, R.N., Kang, K.C. (eds.) Handbook of Software Engineering. Springer, Cham (2018)

    Google Scholar 

  56. Weyns, D., Malek, S., Andersson, J.: Forms: unifying reference model for formal specification of distributed self-adaptive systems. ACM Trans. Auton. Adapt. Syst. 7(1), 8:1–8:61 (2012). https://doi.org/10.1145/2168260.2168268

    Article  Google Scholar 

  57. Yuan, E., Tong, J.: Attributed based access control (ABAC) for web services. In: Proceedings of the IEEE International Conference on Web Services, ICWS ’05, pp. 561–569. IEEE Computer Society, Washington, DC (2005). https://doi.org/10.1109/ICWS.2005.25

  58. Yuan, E., Malek, S., Schmerl, B., Garlan, D., Gennari, J.: Architecture-based self-protecting software systems. In: Proceedings of the 9th International ACM Sigsoft Conference on Quality of Software Architectures, pp. 33–42. ACM (2013)

    Google Scholar 

  59. Yuan, E., Esfahani, N., Malek, S.: A systematic survey of self-protecting software systems. ACM Trans. Auton. Adapt. Syst. 8(4), 17:1–17:41 (2014). https://doi.org/10.1145/2555611

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. National Institute of Informatics, Tokyo, Japan

    Lionel Montrieux

  2. University of Kent, Canterbury, UK

    Rogério de Lemos

  3. University of Coimbra, Coimbra, Portugal

    Rogério de Lemos

  4. University of Kent, Canterbury, UK

    Chris Bailey

Authors
  1. Lionel Montrieux
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Rogério de Lemos
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Chris Bailey
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Lionel Montrieux .

Editor information

Editors and Affiliations

  1. The Open University, Milton Keynes, UK

    Yijun Yu

  2. The Open University, Milton Keynes, UK

    Arosha Bandara

  3. National Institute of Informatics, Tokyo, Japan

    Shinichi Honiden

  4. National Institute of Informatics, Tokyo, Japan

    Zhenjiang Hu

  5. Hosei University , Tokyo, Japan

    Tetsuo Tamai

  6. University of Victoria , Victoria, BC, Canada

    Hausi Muller

  7. University of Toronto, Toronto, Canada

    John Mylopoulos

  8. The Open University, Milton Keynes, UK

    Bashar Nuseibeh

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Montrieux, L., de Lemos, R., Bailey, C. (2019). Challenges in Engineering Self-Adaptive Authorisation Infrastructures. In: Yu, Y., et al. Engineering Adaptive Software Systems. Springer, Singapore. https://doi.org/10.1007/978-981-13-2185-6_3

Download citation

  • DOI: https://doi.org/10.1007/978-981-13-2185-6_3

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-2184-9

  • Online ISBN: 978-981-13-2185-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation