{"title":"Introduction to special section SACMAT'08","authors":"Ninghui Li","doi":"10.1145/1952982.1952983","DOIUrl":null,"url":null,"abstract":"This issue of TISSEC includes extended versions of articles selected from the program of the 13th ACM Symposium on Access Control Models and Technologies (SACMAT 2008), which took place from June 11 to 13, 2008 in Estes Park, CO. SACMAT is a successful series of symposiums that continue the tradition, first established by the ACM Workshop on Role-Based Access Control, of being the premier forum for the presentation of research results and experience reports on leading-edge issues of access control, including models, systems, applications, and theory. The missions of the symposium are to share novel access control solutions that fulfill the needs of heterogeneous applications and environments and to identify new directions for future research and development. SACMAT gives researchers and practitioners a unique opportunity to share their perspectives with others interested in the various aspects of access control. The articles in this special issue were invited for submission from the 20 articles presented at SACMAT 2008. These were selected from 79 submissions from authors in 24 countries in Africa, Asia, Australia, Europe, North America, and South America. All the journal submissions went through an additional thorough review process to further ensure their quality. The first article “Detecting and Resolving Policy Misconfigurations in Access-Control Systems” by Lujo Bauer, Scott Garriss, and Michael K. Reiter applies association rule mining to the history of accesses to predict changes to access-control policies that are likely to be consistent with users’ intention, so that these changes can be instituted in advance of misconfigurations interfering with legitimate accesses. 
As instituting these changes requires the consent of the appropriate administrator, the article also introduces techniques to automatically determine from whom to seek consent and to minimize the costs of doing so. The proposed techniques are evaluated using data from a deployed access-control system. The second article “Authorization Recycling in Hierarchical RBAC Systems” by Qiang Wei, Jason Crampton, Konstantin Beznosov, and Matei Ripeanu introduces and evaluates the mechanisms for authorization “recycling” in RBAC enterprise systems. These mechanisms cache and reuse previous authorization decisions to help address the problem that the policy decision point in distributed applications tends to become a single point of failure and a performance bottleneck. The algorithms that support these mechanisms allow making precise and approximate authorization decisions, thereby masking possible failures of the authorization server and reducing its load. I would like to thank all the authors for submitting their research results in this special issue and to all the reviewers for their insightful comments. I am also grateful to Gene Tsudik, editor-in-chief, for his guidance and help throughout this process.","PeriodicalId":50912,"journal":{"name":"ACM Transactions on Information and System Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2011-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"88","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Information and System Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1952982.1952983","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q","JCRName":"Engineering","Score":null,"Total":0}
Citations: 88
About the journal:
TISSEC is a scholarly, scientific journal that publishes original research papers in all areas of information and system security, including technologies, systems, applications, and policies.