Policy Statement Validation for the Digital Evidence Storage Cabinet (Lemari Penyimpanan Bukti Digital, LPBD)

  • Achmad Syauqi Universitas Islam Indonesia
  • Imam Riadi
  • Yudi Prayudi
Keywords: validation, policy statement, ABAC, digital evidence

Abstract

Digital evidence is highly susceptible to damage. Building a digital evidence storage cabinet (LPBD) therefore requires access control. Access control has several models, one of which is ABAC, one of the newer access control models. Because ABAC is flexible and can involve a very large number of attributes, its policies can become very complex and give rise to inconsistency and incompleteness. An ABAC implementation must therefore be supported by policies that are appropriate and well validated, so that the security of the LPBD is better assured. One approach to testing access control is model checking, which examines the elements of a system so that any errors are revealed. Various tools exist for validating policy statements, one of which is ACPT (Access Control Policy Testing). ACPT provides several methods for creating and testing policy statements. The testing was carried out with the permit-overrides combining algorithm and was performed 30 times. This study succeeded in testing the policy statement and showed that no inconsistency or incompleteness was found in it. In all 30 tests, the policy statement behaved according to the existing rules.
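The two defects the abstract names, inconsistency and incompleteness, can be checked on a small ABAC policy by enumerating every attribute combination and resolving each request with permit-overrides. This is an added example, not the paper's policy or ACPT output, and it uses brute-force enumeration rather than a model checker; the attribute names, values and rules are constructed for illustration.

```python
from itertools import product

# Constructed attribute domains and rules (assumptions, not the LPBD policy from the paper).
DOMAINS = {
    "role": ["first_responder", "investigator", "officer"],
    "action": ["upload", "download", "delete"],
    "case_status": ["open", "closed"],
}

# Each rule is (effect, conditions); it applies when every listed attribute matches.
RULES = [
    ("Permit", {"role": "first_responder", "action": "upload", "case_status": "open"}),
    ("Permit", {"role": "investigator", "action": "download"}),
    ("Deny", {"action": "download", "case_status": "closed"}),
    ("Deny", {"action": "delete"}),
]

def applicable_effects(rules, request):
    """Effects of all rules whose conditions match the request."""
    return [effect for effect, cond in rules
            if all(request[k] == v for k, v in cond.items())]

def permit_overrides(effects):
    """Permit-overrides: any Permit wins, otherwise Deny, otherwise no decision."""
    if "Permit" in effects:
        return "Permit"
    if "Deny" in effects:
        return "Deny"
    return "NotApplicable"

def analyse(rules, domains):
    """Return (conflicts, gaps, decisions) over the full attribute space."""
    keys = list(domains)
    conflicts, gaps, decisions = [], [], {}
    for values in product(*(domains[k] for k in keys)):
        effects = applicable_effects(rules, dict(zip(keys, values)))
        if "Permit" in effects and "Deny" in effects:
            conflicts.append(values)   # inconsistency: rules disagree
        if not effects:
            gaps.append(values)        # incompleteness: no rule covers the request
        decisions[values] = permit_overrides(effects)
    return conflicts, gaps, decisions

if __name__ == "__main__":
    conflicts, gaps, decisions = analyse(RULES, DOMAINS)
    print("inconsistent requests:", conflicts)
    print("uncovered requests:", gaps)
```

Permit-overrides still returns a decision for the conflicting request, so a conflict of this kind is only visible when the overlapping rules are reported separately from the combined result.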

Published
2019-08-08