Security Analysis of Role-based Access Control through Program Verification


Ferrara, Anna Lisa, Madhusudan, P. and Parlato, Gennaro (2012) Security Analysis of Role-based Access Control through Program Verification. In: 25th IEEE Computer Security Foundations Symposium (CSF), pp. 113-125 (13 pp.).


Download: VACpaper.pdf (PDF, 332kB)

Description/Abstract

We propose a novel scheme for proving administrative role-based access control (ARBAC) policies correct with respect to security properties using the powerful abstraction-based tools available for program verification. Our scheme uses a combination of abstraction and reduction to program verification to perform security analysis. We convert ARBAC policies to imperative programs that simulate the policy abstractly, and then utilize further abstract-interpretation techniques from program analysis to analyze the programs in order to prove the policies secure. We argue that the aggressive set-abstractions and numerical-abstractions we use are natural and appropriate in the access control setting. We implement our scheme using a tool called VAC that translates ARBAC policies to imperative programs, followed by an interval-based static analysis of the program, and show that we can effectively prove access control policies correct. The salient features of our approach are the abstraction schemes we develop and the reduction of role-based access control security (which has nothing to do with programs) to program verification problems.

Item Type: Conference or Workshop Item (Paper)
Venue - Dates: 25th IEEE Computer Security Foundations Symposium (CSF), 2012-03-01
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Organisations: Electronic & Software Systems
ePrint ID: 348418
Dates: March 2012 (Accepted/In Press); June 2012 (Published)
Date Deposited: 13 Feb 2013 08:08
Last Modified: 17 Apr 2017 16:04
Further Information: Google Scholar
URI: http://eprints.soton.ac.uk/id/eprint/348418
