Safety Analysis in the NGAC Model
Brian Tan, Ewan S. D. Davies, Indrakshi Ray, Mahmoud A. Abdelgawad
TL;DR
The paper tackles safety analysis in the NGAC model, formalizing SP and coSP and proving that the co-safety problem is NP-complete via a reduction to directed acyclic constrained connectivity (DACC), which itself captures path constraints in a static digraph. To address practical analysis, the authors develop an MIS-based algorithm that enumerates maximal independent sets of the constraint graph and checks for possible access paths, leveraging the Moon–Moser bound that limits the number of MIS to at most $| extmu(C)| \,\le 1.45^{|V|^2}$. The approach reduces the dynamic safety question to repeated DACC checks on a constructed supergraph $ extGamma$ and a constraint graph $C$, with running time depending on problem structure and the MIS count. Real-world NGAC models tend to induce small, disjoint cliques in $C$ via mutually exclusive attributes, which can drive worst-case performance, highlighting a strong link between combinatorial structure and safety analysis efficacy. Overall, the work provides both a rigorous complexity characterization and a practically motivated algorithmic framework for NGAC safety with insights into when it performs best or degrades.
Abstract
We study the safety problem for the next-generation access control (NGAC) model. We show that under mild assumptions it is coNP-complete, and under further realistic assumptions we give an algorithm for the safety problem that significantly outperforms naive brute force search. We also show that real-world examples of mutually exclusive attributes lead to nearly worst-case behavior of our algorithm.
