Automated verification of access control policies using a SAT solver

被引:66
|
作者
Graham Hughes
Tevfik Bultan
机构
[1] University of California,Computer Science Department
来源
International Journal on Software Tools for Technology Transfer | 2008年 / 10卷 / 6期
关键词
Access control; Automated verification;
D O I
10.1007/s10009-008-0087-9
中图分类号
学科分类号
摘要
Managing access control policies in modern computer systems can be challenging and error-prone. Combining multiple disparate access policies can introduce unintended consequences. In this paper, we present a formal model for specifying access to resources, a model that encompasses the semantics of the xacml access control language. From this model we define several ordering relations on access control policies that can be used to automatically verify properties of the policies. We present a tool for automatically verifying these properties by translating these ordering relations to Boolean satisfiability problems and then applying a sat solver. Our experimental results demonstrate that automated verification of xacml policies is feasible using this approach.
引用
收藏
页码:503 / 520
页数:17
相关论文
共 50 条
  • [1] Automated Generation, Verification, and Ranking of Secure SoC Access Control Policies
    Meza, Andres
    Kastner, Ryan
    2023 CYBER-PHYSICAL SYSTEMS AND INTERNET-OF-THINGS WEEK, CPS-IOT WEEK WORKSHOPS, 2023, : 198 - 202
  • [2] Dynamic Access Control Policies: Specification and Verification
    Janicke, H.
    Cau, A.
    Siewe, F.
    Zedan, H.
    COMPUTER JOURNAL, 2013, 56 (04) : 440 - 463
  • [3] Automated Analysis of Access Control Policies Based on Model Checking
    Truong A.
    SN Computer Science, 2020, 1 (6)
  • [4] UML specification of access control policies and their formal verification
    Koch M.
    Parisi-Presicce F.
    Software & Systems Modeling, 2006, 5 (4) : 429 - 447
  • [5] iOracle: Automated Evaluation of Access Control Policies in iOS
    Deshotels, Luke
    Deaconescu, Razvan
    Carabas, Costin
    Manda, Iulia
    Enck, William
    Chiroiu, Mihai
    Li, Ninghui
    Sadeghi, Ahmad-Reza
    PROCEEDINGS OF THE 2018 ACM ASIA CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY (ASIACCS'18), 2018, : 117 - 131
  • [6] A Formal Approach for the Verification of AWS IAM Access Control Policies
    Zahoor, Ehtesham
    Asma, Zubaria
    Perrin, Olivier
    SERVICE-ORIENTED AND CLOUD COMPUTING (ESOCC 2017), 2017, 10465 : 59 - 74
  • [7] Verification of Information Flow and Access Control Policies with Dependent Types
    Nanevski, Aleksandar
    Banerjee, Anindya
    Garg, Deepak
    2011 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP 2011), 2011, : 165 - 179
  • [8] A comprehensive approach to the automatic refinement and verification of access control policies
    Cherninod, Manuel
    Durante, Luca
    Seno, Lucia
    Valenza, Fulvio
    Valenzano, Adriano
    COMPUTERS & SECURITY, 2019, 80 : 186 - 199
  • [9] Dependent Type Theory for Verification of Information Flow and Access Control Policies
    Nanevski, Aleksandar
    Banerjee, Anindya
    Garg, Deepak
    ACM TRANSACTIONS ON PROGRAMMING LANGUAGES AND SYSTEMS, 2013, 35 (02):
  • [10] Toward Formal Verification of Role-Based Access Control Policies
    Jha, Somesh
    Li, Ninghui
    Tripunitara, Mahesh
    Wang, Qihua
    Winsborough, William H.
    IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2008, 5 (04) : 242 - 255
12345