Security Analysis of Access Control Policies through Program Verification

Ferrara, Anna Lisa, Madhusudan, P. and Parlato, Gennaro (2011) Security Analysis of Access Control Policies through Program Verification. In: Not Specified, 13 pp., 113-125.



We propose a novel scheme for proving administrative role-based access control (ARBAC) policies correct with respect to security properties using the powerful abstraction-based tools available for program verification. Our scheme uses a combination of abstraction and reduction to program verification to perform security analysis. We convert ARBAC policies to imperative programs that simulate the policy abstractly, and then utilize further abstract-interpretation techniques from program analysis to analyze the programs in order to prove the policies secure. We argue that the aggressive set-abstractions and numerical-abstractions we use are natural and appropriate in the access control setting. We implement our scheme using a tool called VAC that translates ARBAC policies to imperative programs followed by an interval-based static analysis of the program, and show that we can effectively prove access control policies correct. The salient features of our approach are the abstraction schemes we develop and the reduction of role-based access control security (which has nothing to do with programs) to program verification problems.
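As an added illustration (not the paper's VAC tool or any code from the authors), the following Python encodes a small constructed ARBAC policy with can_assign and can_revoke rules and decides the role-reachability safety question by explicit breadth-first search over concrete user-role states; the paper's contribution is precisely to avoid this enumeration by abstracting such a simulation program and analysing it with interval-based abstract interpretation. All role names, user names and rules are hypothetical.

```python
from collections import deque

# Constructed sample ARBAC policy (hypothetical; not taken from the paper or VAC).
# can_assign rule: (administrative role, required roles, forbidden roles, target role).
CAN_ASSIGN = [
    ("HR",      frozenset(),             frozenset(),               "Employee"),
    ("Manager", frozenset({"Employee"}), frozenset({"Contractor"}), "Auditor"),
    ("Manager", frozenset({"Auditor"}),  frozenset(),               "Approver"),
]
CAN_REVOKE = [("Manager", "Auditor"), ("HR", "Employee")]  # (administrative role, target role)
USERS = {"alice": frozenset({"Manager", "HR"}), "bob": frozenset({"Contractor"})}  # initial state

def successors(state):
    """One administrative action: some user must hold the rule's administrative role,
    and the target user's current roles must satisfy the rule's precondition."""
    for admin_roles in state.values():
        for admin_role, required, forbidden, target in CAN_ASSIGN:
            if admin_role in admin_roles:
                for user, roles in state.items():
                    if target not in roles and required <= roles and not (forbidden & roles):
                        yield {**state, user: roles | {target}}
        for admin_role, target in CAN_REVOKE:
            if admin_role in admin_roles:
                for user, roles in state.items():
                    if target in roles:
                        yield {**state, user: roles - {target}}

def canonical(state):
    """Order-independent hashable key for a user-role assignment."""
    return tuple(sorted((u, tuple(sorted(r))) for u, r in state.items()))

def role_reachable(initial, user, role, max_states=100_000):
    """Breadth-first search of the concrete state space for the role-reachability
    property: can `user` ever hold `role`?  Returns (reachable, shortest trace)."""
    parent = {canonical(initial): None}
    queue = deque([initial])
    while queue:
        state = queue.popleft()
        if role in state[user]:
            trace, k = [], canonical(state)
            while k is not None:          # rebuild the administrative-action sequence
                trace.append(k)
                k = parent[k]
            return True, trace[::-1]
        for nxt in successors(state):
            k = canonical(nxt)
            if k not in parent and len(parent) < max_states:
                parent[k] = canonical(state)
                queue.append(nxt)
    return False, []                      # state space exhausted (or bound hit) without reaching
```

With the constructed policy, alice can reach Approver in three administrative steps, while bob can never become Auditor because his Contractor role is forbidden by the rule and no rule revokes it.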

Item Type: Conference or Workshop Item (Paper)
ISBNs: 9781467319188
Divisions : Faculty of Physical Sciences and Engineering
ePrint ID: 272452
Accepted Date: March 2012 (In press)
Publication Date: June 2012 (Published)
Date Deposited: 13 Jun 2011 13:26
Last Modified: 31 Mar 2016 14:21
