The University of Southampton
University of Southampton Institutional Repository

Security Analysis of Role-based Access Control through Program Verification

Ferrara, Anna Lisa, Madhusudan, P. and Parlato, Gennaro (2012) Security Analysis of Role-based Access Control through Program Verification At 25th IEEE Computer Security Foundations Symposium (CSF). 13 pp, pp. 113-125.

Record type: Conference or Workshop Item (Paper)


We propose a novel scheme for proving administrative role-based access control (ARBAC) policies correct with
respect to security properties using the powerful abstraction based tools available for program verification. Our scheme uses a combination of abstraction and reduction to program verification to perform security analysis. We convert ARBAC policies to imperative programs that simulate the policy abstractly, and then utilize further abstract-interpretation techniques from program analysis to analyze the programs in order to prove the policies secure. We argue that the aggressive set-abstractions and numerical-abstractions we use are natural and appropriate in the access control setting. We implement our scheme using a
tool called VAC that translates ARBAC policies to imperative
programs followed by an interval-based static analysis of the program, and show that we can effectively prove access control policies correct. The salient feature of our approach are the abstraction schemes we develop and the reduction of role-based access control security (which has nothing to do with programs) to program verification problems.

PDF VACpaper.pdf - Other
Download (332kB)

More information

Accepted/In Press date: March 2012
Published date: June 2012
Venue - Dates: 25th IEEE Computer Security Foundations Symposium (CSF), 2012-03-01
Organisations: Electronic & Software Systems


Local EPrints ID: 348418
ISBN: 978-1-4673-1918-8
PURE UUID: 9b50ff42-beea-4336-bdc2-4cc64bdee934

Catalogue record

Date deposited: 13 Feb 2013 08:08
Last modified: 18 Jul 2017 04:52

Export record


Author: Anna Lisa Ferrara
Author: P. Madhusudan
Author: Gennaro Parlato

University divisions

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton:

ePrints Soton supports OAI 2.0 with a base URL of

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.