University of Southampton Institutional Repository

Security Analysis of Role-based Access Control through Program Verification


Ferrara, Anna Lisa, Madhusudan, P. and Parlato, Gennaro (2012) Security Analysis of Role-based Access Control through Program Verification. 25th IEEE Computer Security Foundations Symposium (CSF). pp. 113-125.

Record type: Conference or Workshop Item (Paper)

Abstract

We propose a novel scheme for proving administrative role-based access control (ARBAC) policies correct with respect to security properties using the powerful abstraction-based tools available for program verification. Our scheme uses a combination of abstraction and reduction to program verification to perform security analysis. We convert ARBAC policies to imperative programs that simulate the policy abstractly, and then utilize further abstract-interpretation techniques from program analysis to analyze the programs in order to prove the policies secure. We argue that the aggressive set-abstractions and numerical-abstractions we use are natural and appropriate in the access control setting. We implement our scheme using a tool called VAC that translates ARBAC policies to imperative programs followed by an interval-based static analysis of the program, and show that we can effectively prove access control policies correct. The salient features of our approach are the abstraction schemes we develop and the reduction of role-based access control security (which has nothing to do with programs) to program verification problems.

Text: VACpaper.pdf - Other (332kB)

More information

Accepted/In Press date: March 2012
Published date: June 2012
Venue - Dates: 25th IEEE Computer Security Foundations Symposium (CSF), 2012-03-01
Organisations: Electronic & Software Systems

Identifiers

Local EPrints ID: 348418
URI: http://eprints.soton.ac.uk/id/eprint/348418
ISBN: 978-1-4673-1918-8
PURE UUID: 9b50ff42-beea-4336-bdc2-4cc64bdee934

Catalogue record

Date deposited: 13 Feb 2013 08:08
Last modified: 14 Mar 2024 12:58

Contributors

Author: Anna Lisa Ferrara
Author: P. Madhusudan
Author: Gennaro Parlato
