Policy analysis for self-administrated role-based access control


Ferrara, Anna Lisa, Madhusudan, P. and Parlato, Gennaro (2013) Policy analysis for self-administrated role-based access control. At TACAS 2013: 19th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), Italy. 16 - 24 Mar 2013. 15 pp.

Description/Abstract

Current techniques for security analysis of administrative role-based access control (ARBAC) policies restrict themselves to the separate administration assumption that essentially separates administrative roles from regular ones. The naive algorithm of tracking all users is all that is known for the security analysis of ARBAC policies without separate administration, and the state space explosion that this results in precludes building effective tools. In contrast, the separate administration assumption greatly simplifies the analysis since it makes it sufficient to track only one user at a time. However, separation limits the expressiveness of the models and restricts modeling distributed administrative control. In this paper, we undertake a fundamental study of analysis of ARBAC policies without the separate administration restriction, and show that analysis algorithms can be built that track only a bounded number of users, where the bound depends only on the number of administrative roles in the system. Using this fundamental insight paves the way for us to design an involved heuristic to further tame the state space explosion in practical systems. Our results are also very effective when applied on policies designed under the separate administration restriction. We implement our techniques and report on experiments conducted on several realistic case studies.

Item Type: Conference or Workshop Item (Paper)
Venue - Dates: TACAS 2013: 19th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), Italy, 2013-03-16 - 2013-03-24
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Organisations: Electronic & Software Systems
ePrint ID: 344391
Date: 16 March 2013 (Published)
Date Deposited: 21 Jan 2013 15:02
Last Modified: 17 Apr 2017 16:28
URI: http://eprints.soton.ac.uk/id/eprint/344391
