Security Analysis of Access Control Policies through Program Verification


Ferrara, Anna Lisa, Madhusudan, P. and Parlato, Gennaro (2012) Security Analysis of Access Control Policies through Program Verification. In, Not Specified 13pp, 113-125.

Warning: There is a more recent version of this item available.

Description/Abstract

We propose a novel scheme for proving administrative role-based access control (ARBAC) policies correct with respect to security properties using the powerful abstraction-based tools available for program verification. Our scheme uses a combination of abstraction and reduction to program verification to perform security analysis. We convert ARBAC policies to imperative programs that simulate the policy abstractly, and then utilize further abstract-interpretation techniques from program analysis to analyze the programs in order to prove the policies secure. We argue that the aggressive set-abstractions and numerical-abstractions we use are natural and appropriate in the access control setting. We implement our scheme using a tool called VAC that translates ARBAC policies to imperative programs followed by an interval-based static analysis of the program, and show that we can effectively prove access control policies correct. The salient features of our approach are the abstraction schemes we develop and the reduction of role-based access control security (which has nothing to do with programs) to program verification problems.

Item Type: Conference or Workshop Item (Paper)
ISBNs: 9781467319188
Divisions: Faculty of Physical Sciences and Engineering
ePrint ID: 272452
Date Deposited: 13 Jun 2011 13:26
Last Modified: 27 Mar 2014 20:18
URI: http://eprints.soton.ac.uk/id/eprint/272452
