Easy Expression of Authorisation Policies
Lead Research Organisation:
University College London
Department Name: Computer Science
Abstract
The primary purpose of this 20-month project is to allow Grid managers to specify the authorisation policy for access to their Grid computing resources through the use of controlled natural language. The policy tool will parse the policy, interpret it, and store it in its own internal representation, using a model and ontology developed at the start of the research. The policy tool will prompt the manager to clarify any unclear terms (e.g. what is Fred? Is it a filename or a username?), resolve any ambiguities, and once this has been done will print the policy out in similar natural language, using wording as near to the original input language as possible. This will allow the manager to see whether the computer has fully understood his policy; if not, the manager will need to edit his policy and resubmit it, until the computer's version is identical in meaning to his own. Finally, the tool will compile the policy into two existing XML authorization policy languages (XACML and PERMIS) so that the policy can be automatically fed into existing Grid authorization engines (policy decision points). In this way, we can be assured that the policy that is implemented is the one that the manager intended it to be.
Organisations
People: Martina Angela Sasse (Principal Investigator)
Publications
Bartsch S
(2012)
Guiding decisions on authorization policies
Bartsch S
(2013)
How Users Bypass Access Control - And Why: The Impact Of Authorization Problems On Individuals And The Organization
in European Conference on Information Systems (ECIS) 2013 Completed Research
Chadwick
(2008)
Expressing Security Policies in Natural Language
Inglesant P
(2008)
Expressions of expertness
N/a Chadwick
(2006)
The Virtuous Circle of Expressing Authorization
Description | The UCL contribution to the project was to evaluate the authoring tools developed by the project partners at UKC, identify why untrained users struggle with the authoring tool, and identify a route to more accessible access control. We found that natural language support leads to a limited improvement in the authoring of correct policies, but takes a significant amount of time. We also found that the root of the problem is that untrained users have difficulty abstracting from specific cases to classes of roles and resources. |
Exploitation Route | Access control was traditionally carried out by people with a significant amount of technical expertise - system administrators. Since system administrators are an expensive resource, and the number of resources which need access control protection has been increasing rapidly, access control is now typically handled by people with little or no technical expertise or training. This also applies to consumers - for instance when setting privacy policies on social networking sites. We have built on the findings from this project to study access control problems in a major Critical National Infrastructure company, as part of the TSB-funded project Trust Economics (2008-2011), and identified ways of providing more flexible access control. |
Sectors | Digital/Communication/Information Technologies (including Software) |
URL | http://hornbeam.cs.ucl.ac.uk/hcs/projects/eeap.html |