{"id":"https://openalex.org/W3028672660","doi":"https://doi.org/10.1145/3381991.3395615","title":"Proactive Risk Assessment for Preventing Attribute-Forgery Attacks to ABAC Policies","display_name":"Proactive Risk Assessment for Preventing Attribute-Forgery Attacks to ABAC Policies","publication_year":2020,"publication_date":"2020-05-29","ids":{"openalex":"https://openalex.org/W3028672660","doi":"https://doi.org/10.1145/3381991.3395615","mag":"3028672660"},"language":"en","primary_location":{"id":"doi:10.1145/3381991.3395615","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3381991.3395615","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 25th ACM Symposium on Access Control Models and Technologies","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5031836695","display_name":"Carlos Rubio-Medrano","orcid":"https://orcid.org/0000-0001-8931-6412"},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Carlos E. Rubio-Medrano","raw_affiliation_strings":["Arizona State University, Tempe, AZ, USA"],"affiliations":[{"raw_affiliation_string":"Arizona State University, Tempe, AZ, USA","institution_ids":["https://openalex.org/I55732556"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5010049317","display_name":"Luis Claramunt","orcid":"https://orcid.org/0009-0002-0634-3760"},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Luis Claramunt","raw_affiliation_strings":["Arizona State University, Tempe, AZ, USA"],"affiliations":[{"raw_affiliation_string":"Arizona State University, Tempe, AZ, USA","institution_ids":["https://openalex.org/I55732556"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5005755464","display_name":"Shaishavkumar Jogani","orcid":null},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Shaishavkumar Jogani","raw_affiliation_strings":["Arizona State University, Tempe, AZ, USA"],"affiliations":[{"raw_affiliation_string":"Arizona State University, Tempe, AZ, USA","institution_ids":["https://openalex.org/I55732556"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5025770693","display_name":"Gail\u2010Joon Ahn","orcid":"https://orcid.org/0000-0002-4271-1666"},"institutions":[{"id":"https://openalex.org/I55732556","display_name":"Arizona State University","ror":"https://ror.org/03efmqc40","country_code":"US","type":"education","lineage":["https://openalex.org/I55732556"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Gail-Joon Ahn","raw_affiliation_strings":["Arizona State University, Tempe, AZ, USA"],"affiliations":[{"raw_affiliation_string":"Arizona State University, Tempe, AZ, USA","institution_ids":["https://openalex.org/I55732556"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5031836695"],"corresponding_institution_ids":["https://openalex.org/I55732556"],"apc_list":null,"apc_paid":null,"fwci":0.6976,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.80202707,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"131","last_page":"144"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9951000213623047,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.812010645866394},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7493026256561279},{"id":"https://openalex.org/keywords/flexibility","display_name":"Flexibility (engineering)","score":0.6925061345100403},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.6493375897407532},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5889616012573242},{"id":"https://openalex.org/keywords/enforcement","display_name":"Enforcement","score":0.5505684018135071},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.5436330437660217},{"id":"https://openalex.org/keywords/unintended-consequences","display_name":"Unintended consequences","score":0.47534868121147156},{"id":"https://openalex.org/keywords/security-policy","display_name":"Security policy","score":0.4519113004207611},{"id":"https://openalex.org/keywords/authorization","display_name":"Authorization","score":0.44525015354156494},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.38905248045921326},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.12057960033416748},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.1133219301700592}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.812010645866394},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7493026256561279},{"id":"https://openalex.org/C2780598303","wikidata":"https://www.wikidata.org/wiki/Q65921492","display_name":"Flexibility (engineering)","level":2,"score":0.6925061345100403},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.6493375897407532},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5889616012573242},{"id":"https://openalex.org/C2779777834","wikidata":"https://www.wikidata.org/wiki/Q4202277","display_name":"Enforcement","level":2,"score":0.5505684018135071},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.5436330437660217},{"id":"https://openalex.org/C2776889888","wikidata":"https://www.wikidata.org/wiki/Q1135789","display_name":"Unintended consequences","level":2,"score":0.47534868121147156},{"id":"https://openalex.org/C154908896","wikidata":"https://www.wikidata.org/wiki/Q2167404","display_name":"Security policy","level":2,"score":0.4519113004207611},{"id":"https://openalex.org/C108759981","wikidata":"https://www.wikidata.org/wiki/Q788590","display_name":"Authorization","level":2,"score":0.44525015354156494},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.38905248045921326},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.12057960033416748},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.1133219301700592},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.0},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3381991.3395615","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3381991.3395615","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 25th ACM Symposium on Access Control Models and Technologies","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.6700000166893005,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W1593067057","https://openalex.org/W1863670505","https://openalex.org/W1936559075","https://openalex.org/W1997888312","https://openalex.org/W2033238208","https://openalex.org/W2065890363","https://openalex.org/W2068189899","https://openalex.org/W2081119785","https://openalex.org/W2101512909","https://openalex.org/W2110723603","https://openalex.org/W2120050784","https://openalex.org/W2154889864","https://openalex.org/W2156294488","https://openalex.org/W2166602595","https://openalex.org/W2298494124","https://openalex.org/W2350636275","https://openalex.org/W2548236240","https://openalex.org/W2566006170","https://openalex.org/W2595626209","https://openalex.org/W2598848726","https://openalex.org/W2601096670","https://openalex.org/W2749040653","https://openalex.org/W2765848208","https://openalex.org/W3004248202","https://openalex.org/W3124136430","https://openalex.org/W4300655138"],"related_works":["https://openalex.org/W4367679432","https://openalex.org/W4248277314","https://openalex.org/W4387098652","https://openalex.org/W4380051107","https://openalex.org/W2964483883","https://openalex.org/W4283465890","https://openalex.org/W4226026301","https://openalex.org/W4237585931","https://openalex.org/W2092503922","https://openalex.org/W2473372874"],"abstract_inverted_index":{"Recently,":[0],"the":[1,47,55,150,159,194,206,212],"use":[2],"of":[3,7,85,161,164,182,202,214,225,239],"well-defined,":[4],"security-relevant":[5],"pieces":[6],"runtime":[8],"information,":[9],"a.k.a.,":[10],"attributes,":[11,95],"has":[12],"emerged":[13],"as":[14,73,145,197,199],"a":[15,74,78,81,162,180,200],"convenient":[16,106],"paradigm":[17],"for":[18,26,131,141,154,217],"writing,":[19],"enforcing,":[20],"and":[21,29],"maintaining":[22],"authorization":[23,86,132],"policies,":[24,38,87,133],"allowing":[25],"extended":[27],"flexibility":[28],"conve\u00adnien\u00adce.":[30],"However,":[31],"attackers":[32],"may":[33],"try":[34],"to":[35,70,107,179,230],"bypass":[36],"such":[37,77,144],"along":[39,99],"with":[40,100],"their":[41,91,101,240],"enforcement":[42],"mechanisms,":[43],"by":[44,53,117,138,177,233],"maliciously":[45],"forging":[46],"attribu\u00adtes":[48],"listed":[49],"on":[50,167,187],"them,":[51],"e.g.,":[52],"compromising":[54,235],"attribute":[56,169],"sources":[57],":":[58],"operative":[59],"systems,":[60],"software":[61],"modules,":[62],"remote":[63],"services,":[64],"etc.,":[65,98],"thus":[66],"gaining":[67],"unintended":[68,168],"access":[69],"protected":[71],"resources":[72],"result.":[75],"In":[76],"context,":[79],"performing":[80],"proper":[82],"risk":[83,128,218],"assessment":[84,129],"taking":[88],"into":[89],"account":[90],"inner":[92],"structure:":[93],"rules,":[94],"combining":[96],"algorithms,":[97],"corresponding":[102],"sour\u00adces,":[103],"becomes":[104],"highly":[105],"overcome":[108],"\\emphzero-day":[109],"vulnerabilities,":[110],"before":[111],"they":[112],"can":[113],"be":[114],"later":[115],"exploited":[116],"attackers.":[118],"With":[119],"this":[120],"in":[121,158,193],"mind,":[122],"we":[123,185],"introduce":[124],"\\toolname,":[125],"an":[126],"automated":[127],"framework":[130],"which,":[134],"besides":[135],"being":[136],"inspired":[137],"well-established":[139],"techniques":[140],"vulnerability":[142],"analysis":[143],"symbolic":[146],"execution,":[147],"also":[148,221],"introduces":[149],"very":[151],"first":[152],"approach":[153,176,216],"proactively":[155],"assessing":[156],"risks":[157],"context":[160],"series":[163],"attacks":[165,232],"based":[166],"manipulation":[170],"via":[171],"forgery.":[172],"We":[173],"validate":[174],"our":[175,215],"resorting":[178],"set":[181,201],"case":[183],"studies":[184],"performed":[186],"both":[188],"real-life":[189],"policies":[190,203,227],"originally":[191],"written":[192],"English":[195],"language,":[196],"well":[198],"obtained":[204],"from":[205],"literature,":[207],"which":[208],"show":[209],"not":[210],"only":[211],"convenience":[213],"assessment,":[219],"but":[220],"reveal":[222],"that":[223],"some":[224],"those":[226],"are":[228],"vulnerable":[229],"attribute-forgery":[231],"just":[234],"one":[236],"or":[237],"two":[238],"attributes.":[241]},"counts_by_year":[{"year":2023,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}