Automated verification of access control policies using a SAT solver

被引:66
|
作者
Graham Hughes
Tevfik Bultan
机构
[1] University of California,Computer Science Department
来源
International Journal on Software Tools for Technology Transfer | 2008年 / 10卷 / 6期
关键词
Access control; Automated verification;
D O I
10.1007/s10009-008-0087-9
中图分类号
学科分类号
摘要
Managing access control policies in modern computer systems can be challenging and error-prone. Combining multiple disparate access policies can introduce unintended consequences. In this paper, we present a formal model for specifying access to resources, a model that encompasses the semantics of the xacml access control language. From this model we define several ordering relations on access control policies that can be used to automatically verify properties of the policies. We present a tool for automatically verifying these properties by translating these ordering relations to Boolean satisfiability problems and then applying a sat solver. Our experimental results demonstrate that automated verification of xacml policies is feasible using this approach.
引用
收藏
页码:503 / 520
页数:17
相关论文
共 50 条
  • [21] Using semantic policies for ad-hoc coalition access control
    Dersingh, Anand
    Liscano, Ramiro
    Jost, Allan
    2006 3RD ANNUAL INTERNATIONAL CONFERENCE ON MOBILE AND UBIQUITOUS SYSTEMS - WORKSHOPS, 2006, : 308 - +
  • [22] A Model Checking Based Approach for Verification of Attribute-Based Access Control Policies in Cloud Infrastructures
    Kotenko, Igor
    Saenko, Igor
    Levshun, Dmitry
    PROCEEDINGS OF THE FOURTH INTERNATIONAL SCIENTIFIC CONFERENCE INTELLIGENT INFORMATION TECHNOLOGIES FOR INDUSTRY (IITI'19), 2020, 1156 : 165 - 175
  • [23] A flexible database security system using multiple access control policies
    Jeong, MA
    Kim, JJ
    Won, YW
    PARALLEL AND DISTRIBUTED COMPUTING, APPLICATIONS AND TECHNOLOGIES, PDCAT'2003, PROCEEDINGS, 2003, : 236 - 240
  • [24] Testing Access Control and Obligation Policies
    Xu, Dianxiang
    Sanford, Michael
    Liu, Zhaoliang
    Emry, Mark
    Brockmueller, Brad
    Johnson, Spencer
    To, Michael
    2013 INTERNATIONAL CONFERENCE ON COMPUTING, NETWORKING AND COMMUNICATIONS (ICNC), 2013,
  • [25] Analysis of Computing Policies Using SAT Solvers (Short Paper)
    Heule, Marijn J. H.
    Reaz, Rezwana
    Acharya, H. B.
    Gouda, Mohamed G.
    STABILIZATION, SAFETY, AND SECURITY OF DISTRIBUTED SYSTEMS, SSS 2016, 2016, 10083 : 190 - 194
  • [26] A Parser to Support the Definition of Access Control Policies and Rules Using Natural Languages
    Rosa, Marco
    Barraca, Joao Paulo
    Zuquete, Andre
    Rocha, Nelson Pacheco
    JOURNAL OF MEDICAL SYSTEMS, 2019, 44 (02)
  • [27] Using Semantics for Automatic Enforcement of Access Control Policies among Dynamic Coalitions
    Warner, Janice
    Atluri, Vijayalakshmi
    Mukkamala, Ravi
    Vaidya, Jaideep
    SACMAT'07: PROCEEDINGS OF THE 12TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES, 2007, : 235 - 244
  • [28] A Parser to Support the Definition of Access Control Policies and Rules Using Natural Languages
    Marco Rosa
    João Paulo Barraca
    André Zuquete
    Nelson Pacheco Rocha
    Journal of Medical Systems, 2020, 44
  • [29] Access Control and Query Verification for Untrusted Databases
    Jain, Rohit
    Prabhakar, Sunil
    DATA AND APPLICATIONS SECURITY AND PRIVACY XXVII, 2013, 7964 : 211 - 225
  • [30] General Methods for Access Control Policy Verification
    Hu, Vincent C.
    Kuhn, D. Richard
    PROCEEDINGS OF 2016 IEEE 17TH INTERNATIONAL CONFERENCE ON INFORMATION REUSE AND INTEGRATION (IEEE IRI), 2016, : 315 - 323
12345