From 9a706765f2ab2239387d0b84f9e61df8c4f77e7b Mon Sep 17 00:00:00 2001 From: Marco Pernpruner Date: Fri, 29 Sep 2023 10:30:26 +0200 Subject: [PATCH] Remove pages as per Stefano's request --- _complementary/POLSIM2023.md | 22 ---------------------- _data/tools.yml | 8 +------- _tools/PolicySimulator.md | 22 ---------------------- 3 files changed, 1 insertion(+), 51 deletions(-) delete mode 100644 _complementary/POLSIM2023.md delete mode 100644 _tools/PolicySimulator.md diff --git a/_complementary/POLSIM2023.md b/_complementary/POLSIM2023.md deleted file mode 100644 index 236dd3b3..00000000 --- a/_complementary/POLSIM2023.md +++ /dev/null 
@@ -1,22 +0,0 @@ ---- -title: A Simulation Framework for the Experimental Evaluation of Access Control Enforcement Mechanisms based on Business Processes -paper: POLSIM2023 -status: to submit - -abstract: > - While the security analysis of Access Control (AC) policies has received a lot of attention, the same cannot be said for their enforcement. As systems become more distributed (e.g., centralized services may become a bottleneck) and legal compliance constraints stricter (e.g., the problem of honest but curious Cloud providers in the light of privacy regulations), the fine-tuning of AC enforcement mechanisms is likely to become more and more important. This is especially true in scenarios where the quality of service may suffer from computationally heavy security mechanisms and low latency is a prominent requirement. As a first step towards a principled approach to fine-tune AC enforcement, this paper introduces a methodology providing the means to measure the performance of AC enforcement mechanisms through the simulation of realistic deployment scenarios. To do so, we base our methodology on Business Process Model and Notation (BPMN) workflows—that provide for an appropriate abstraction of the sequence of requests toward AC enforcement mechanisms performed by applications—to derive lists of AC operations (e.g., access a resource, revoke a permission) and execute them to evaluate and compare the performance of different mechanisms. Finally, we implement our methodology and apply it to three case studies representative of both traditional centralized AC—i.e., the Open Policy Agent (OPA) and the eXtensible Access Control Markup Language (XACML)—and decentralized Cryptographic Access Control (CAC)—i.e., CryptoAC—. - -people: - - StefanoBerlato - - RobertoCarbone - - SilvioRanise - -peopleOrder: surname ---- - -Below, you find links to complementary material and additional resources referenced in the paper. 
- - -### Experimental Results - -The experimental results of the experimentation described in the paper are available [**here**](/assets/areas/complementary/POLSIM2023/results.zip). Please see [**the repository**](https://github.com/stfbk/PolicySimulator) for more details on the **Policy Simulator**. diff --git a/_data/tools.yml b/_data/tools.yml index fde31dd6..83ef6709 100644 --- a/_data/tools.yml +++ b/_data/tools.yml @@ -71,10 +71,4 @@ name: TLSAssistant description: A fully-featured tool that combines state-of-the-art TLS analyzers with a report system that suggests appropriate mitigations and shows the full set of viable attacks. urlCode: https://github.com/stfbk/tlsassistant - urlDocumentation: /tools/TLSAssistant - -- id: PolicySimulator - name: PolicySimulator - description: A Simulation Framework for the Experimental Evaluation of Access Control Enforcement Mechanisms based on Business Processes. - urlCode: https://github.com/stfbk/PolicySimulator - urlDocumentation: /tools/PolicySimulator \ No newline at end of file + urlDocumentation: /tools/TLSAssistant \ No newline at end of file diff --git a/_tools/PolicySimulator.md b/_tools/PolicySimulator.md deleted file mode 100644 index fdee7671..00000000 --- a/_tools/PolicySimulator.md +++ /dev/null 
@@ -1,22 +0,0 @@ ---- -title: PolicySimulator -subtitle: A Simulation Framework for the Experimental Evaluation of Access Control Enforcement Mechanisms based on Business Processes - -people: - - StefanoBerlato - - RobertoCarbone - - SilvioRanise - -peopleOrder: surname - -publications: - - POLSIM2023 ---- - -### Description - -While the security analysis of Access Control (AC) policies has received a lot of attention, the same cannot be said for their **enforcement**. As systems become more distributed (e.g., centralized services may become a *bottleneck*) and legal compliance constraints stricter (e.g., the problem of *honest but curious* Cloud providers in the light of privacy regulations), the **fine-tuning of AC enforcement mechanisms** is likely to become more and more important. This is especially true in scenarios where the quality of service may suffer from **computationally heavy security mechanisms** and low latency is a prominent requirement. - -As a first step towards a principled approach to fine-tune AC enforcement, we wrote a scientific article entitled "A Simulation Framework for the Experimental Evaluation of Access Control Enforcement Mechanisms based on Business Processes"; the article proposes a methodology providing the means to **measure the performance of AC enforcement mechanisms through the simulation of realistic deployment scenarios**. To do so, we base our methodology on Business Process Model and Notation (BPMN) workflows—that provide for an appropriate abstraction of the sequence of requests toward AC enforcement mechanisms performed by applications—to derive lists of AC operations (e.g., access a resource, revoke a permission) and execute them to evaluate and compare the performance of different mechanisms. - -Please see [**the repository**](https://github.com/stfbk/PolicySimulator) for more details on the **Policy Simulator**. \ No newline at end of file
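Review bot: In the deletion of `_complementary/POLSIM2023.md`, the removed "Experimental Results" paragraph links to `/assets/areas/complementary/POLSIM2023/results.zip`, but the diffstat lists only three files and that archive is not among them. If the request is to take the material offline, the archive would stay reachable by direct URL after this commit. Delete the asset in the same patch, or state in the commit message that it is kept on purpose.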
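Review bot: In the `_data/tools.yml` hunk, the line `urlDocumentation: /tools/TLSAssistant` is removed and re-added only because it has become the last line of a file that has no end-of-file newline, and the new version still carries `\ No newline at end of file`. Ending the file with a newline here would keep the next appended entry from touching the TLSAssistant line again.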
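Review bot: In the deletion of `_tools/PolicySimulator.md`, the front matter ties the tool to the paper through `publications: - POLSIM2023`, and the `tools.yml` hunk drops `urlDocumentation: /tools/PolicySimulator`, yet no other file is touched. Please confirm that no remaining page, publication list or navigation entry still references `POLSIM2023` or `/tools/PolicySimulator`, since any such reference would now point at a page that no longer exists.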