"Shifting Access Control Left" using Asset and Goal Models

• URL: http://arxiv.org/abs/2504.17906v1
• Date: Thu, 24 Apr 2025 19:45:11 GMT
• Title: "Shifting Access Control Left" using Asset and Goal Models
• Authors: Shamal Faily,
• Abstract summary: We present a tool-supported technique identifying knowledge asymmetries around access control based on asset and goal models.<n>We provide boundary objects to make access control transparent, thereby making knowledge about access control concerns more symmetric.
• Score: 0.8158530638728498
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Access control needs have broad design implications, but access control specifications may be elicited before, during, or after these needs are captured. Because access control knowledge is distributed, we need to make knowledge asymmetries more transparent, and use expertise already available to stakeholders. In this paper, we present a tool-supported technique identifying knowledge asymmetries around access control based on asset and goal models. Using simple and conventional modelling languages that complement different design techniques, we provide boundary objects to make access control transparent, thereby making knowledge about access control concerns more symmetric. We illustrate this technique using a case study example considering the suitability of a reusable software component in a new military air system.

Related papers

• SudoLM: Learning Access Control of Parametric Knowledge with Authorization Alignment [51.287157951953226]
  We propose SudoLM, a framework that lets LLMs learn access control over specific parametric knowledge.<n> Experiments on two application scenarios demonstrate that SudoLM effectively controls the user's access to the parametric knowledge and maintains its general utility.
  arXiv  Detail & Related papers  (2024-10-18T17:59:51Z)
• Comparison of Access Control Approaches for Graph-Structured Data [0.0]
  Graph-structured data requires advanced, flexible, and fine-grained access control due to its complex structure. Several research works focus on protecting property graph-structured data, enforcing fine-grained access control, and proving the feasibility and applicability of their concept. We select works from our systematic literature review on authorization and access control for different database models in addition to recent ones.
  arXiv  Detail & Related papers  (2024-05-31T12:31:05Z)
• Fine-grained Controllable Video Generation via Object Appearance and Context [74.23066823064575]
  We propose fine-grained controllable video generation (FACTOR) to achieve detailed control. FACTOR aims to control objects' appearances and context, including their location and category. Our method achieves controllability of object appearances without finetuning, which reduces the per-subject optimization efforts for the users.
  arXiv  Detail & Related papers  (2023-12-05T17:47:33Z)
• Rethinking Privacy in Machine Learning Pipelines from an Information Flow Control Perspective [16.487545258246932]
  Modern machine learning systems use models trained on ever-growing corpora. metadata such as ownership, access control, or licensing information is ignored during training. We take an information flow control perspective to describe machine learning systems.
  arXiv  Detail & Related papers  (2023-11-27T13:14:39Z)
• Deep Learning meets Blockchain for Automated and Secure Access Control [0.0]
  We propose DLACB, a Deep Learning Based Access Control Using, as a solution to decentralized access control. DLACB uses blockchain to provide transparency, traceability, and reliability in various domains such as medicine, finance, and government. As all data is recorded on the blockchain, we have the capability to identify malicious activities.
  arXiv  Detail & Related papers  (2023-11-10T18:50:56Z)
• A General Framework for Verification and Control of Dynamical Models via Certificate Synthesis [54.959571890098786]
  We provide a framework to encode system specifications and define corresponding certificates. We present an automated approach to formally synthesise controllers and certificates. Our approach contributes to the broad field of safe learning for control, exploiting the flexibility of neural networks.
  arXiv  Detail & Related papers  (2023-09-12T09:37:26Z)
• Sparsity-Aware Intelligent Massive Random Access Control in Open RAN: A Reinforcement Learning Based Approach [61.74489383629319]
  Massive random access of devices in the emerging Open Radio Access Network (O-RAN) brings great challenge to the access control and management. reinforcement-learning (RL)-assisted scheme of closed-loop access control is proposed to preserve sparsity of access requests. Deep-RL-assisted SAUD is proposed to resolve highly complex environments with continuous and high-dimensional state and action spaces.
  arXiv  Detail & Related papers  (2023-03-05T12:25:49Z)
• In-Distribution Barrier Functions: Self-Supervised Policy Filters that Avoid Out-of-Distribution States [84.24300005271185]
  We propose a control filter that wraps any reference policy and effectively encourages the system to stay in-distribution with respect to offline-collected safe demonstrations. Our method is effective for two different visuomotor control tasks in simulation environments, including both top-down and egocentric view settings.
  arXiv  Detail & Related papers  (2023-01-27T22:28:19Z)
• Machine Learning in Access Control: A Taxonomy and Survey [0.0]
  We survey and summarize various machine learning approaches to solve different access control problems. We highlight current limitations and open challenges such as lack of public real-world datasets, administration of ML-based access control systems, understanding a black-box ML model's decision, etc.
  arXiv  Detail & Related papers  (2022-07-04T22:36:27Z)
• Toward Deep Learning Based Access Control [3.2511618464944547]
  This paper proposes Deep Learning Based Access Control (DLBAC) by leveraging significant advances in deep learning technology. DLBAC could complement and, in the long-term, has the potential to even replace, classical access control models with a neural network. We demonstrate the feasibility of the proposed approach by addressing issues related to accuracy, generalization, and explainability.
  arXiv  Detail & Related papers  (2022-03-28T22:05:11Z)
• Safe RAN control: A Symbolic Reinforcement Learning Approach [62.997667081978825]
  We present a Symbolic Reinforcement Learning (SRL) based architecture for safety control of Radio Access Network (RAN) applications. We provide a purely automated procedure in which a user can specify high-level logical safety specifications for a given cellular network topology. We introduce a user interface (UI) developed to help a user set intent specifications to the system, and inspect the difference in agent proposed actions.
  arXiv  Detail & Related papers  (2021-06-03T16:45:40Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.