Safety Analysis in the NGAC Model

Brian Tan; Ewan S. D. Davies; Indrakshi Ray; Mahmoud A. Abdelgawad

arXiv:2505.06406·cs.CC·May 13, 2025

Safety Analysis in the NGAC Model

Brian Tan, Ewan S. D. Davies, Indrakshi Ray, Mahmoud A. Abdelgawad

PDF

TL;DR

This paper analyzes the computational complexity of safety verification in the NGAC access control model, demonstrating coNP-completeness and providing an improved algorithm that performs well in typical cases despite worst-case scenarios.

Contribution

It establishes the complexity of the safety problem in NGAC and introduces an efficient algorithm for practical safety analysis under realistic assumptions.

Findings

01

Safety problem is coNP-complete under mild assumptions.

02

Proposed algorithm outperforms brute force search in typical scenarios.

03

Real-world mutually exclusive attributes can cause near worst-case performance.

Abstract

We study the safety problem for the next-generation access control (NGAC) model. We show that under mild assumptions it is coNP-complete, and under further realistic assumptions we give an algorithm for the safety problem that significantly outperforms naive brute force search. We also show that real-world examples of mutually exclusive attributes lead to nearly worst-case behavior of our algorithm.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.