Security Analysis of Access Control Policies through Program Verification


(2011) Security Analysis of Access Control Policies through Program Verification. 13 pp, pp. 113-125.

Warning: There is a more recent version of this item available.


Description/Abstract

We propose a novel scheme for proving administrative role-based access control (ARBAC) policies correct with respect to security properties using the powerful abstraction-based tools available for program verification. Our scheme uses a combination of abstraction and reduction to program verification to perform security analysis. We convert ARBAC policies to imperative programs that simulate the policy abstractly, and then utilize further abstract-interpretation techniques from program analysis to analyze the programs in order to prove the policies secure. We argue that the aggressive set-abstractions and numerical-abstractions we use are natural and appropriate in the access control setting. We implement our scheme using a tool called VAC that translates ARBAC policies to imperative programs followed by an interval-based static analysis of the program, and show that we can effectively prove access control policies correct. The salient features of our approach are the abstraction schemes we develop and the reduction of role-based access control security (which has nothing to do with programs) to program verification problems.

Item Type: Conference or Workshop Item (Paper)
ePrint ID: 272452
Date Deposited: 13 Jun 2011 13:26
Last Modified: 31 Mar 2016 14:21
URI: http://eprints.soton.ac.uk/id/eprint/272452
