Automated verification of access control policies using a SAT solver

被引：68

作者：

Graham Hughes

Tevfik Bultan

机构：

[1] University of California,Computer Science Department

来源：

International Journal on Software Tools for Technology Transfer | 2008年 / 10卷 / 6期

关键词：

Access control; Automated verification;

D O I：

10.1007/s10009-008-0087-9

中图分类号：

学科分类号：

摘要：

Managing access control policies in modern computer systems can be challenging and error-prone. Combining multiple disparate access policies can introduce unintended consequences. In this paper, we present a formal model for specifying access to resources, a model that encompasses the semantics of the xacml access control language. From this model we define several ordering relations on access control policies that can be used to automatically verify properties of the policies. We present a tool for automatically verifying these properties by translating these ordering relations to Boolean satisfiability problems and then applying a sat solver. Our experimental results demonstrate that automated verification of xacml policies is feasible using this approach.

引用

页码：503 / 520

页数：17

共 40 条

[1]

Abadi M.(1993)A calculus for access control in distributed systems ACM Trans. Programm. Lang. Syst. 15 706-734

[2]

Burrows M.(1998)An access control model supporting periodicity constraints and temporal reasoning ACM Trans. Database Syst. 23 231-285

[3]

Lampson B.(2002)An algebra for composing access control policies ACM Trans. Inf. Syst. Secur. 5 1-35

[4]

Plotkin G.(2000)Design and implementation of an access control processor for XML documents Comput. Netw. 33 59-75

[5]

Bertino E.(2002)A fine-grained access control system for XML documents ACM Trans. Inf. Syst. Secur. 5 169-202

[6]

Bettini C.(2001)Controlling access to XML documents IEEE Internet Comput. 5 18-28

[7]

Ferrari E.(1996)Elements of style: analyzing a software design feature with a counterexample detector IEEE. Trans. Softw. Eng. 22 484-495

[8]

Samarati P.(2001)Flexible support for multiple access control policies ACM Trans. Database Syst. 26 214-260

[9]

Bonatti P.(1986)A structure-preserving clause form translation J. Symb. Comput. 2 293-304

[10]

De Capitani di Vimercati S.(1996)Authentication, access control, and audit ACM Comput. Surv. 28 241-243

← 1 2 3 4 →