VAC - verifier of administrative role-based access control policies


Ferrara, Anna Lisa, Madhusudan, P., Lam Nguyen, Truc and Parlato, Gennaro (2014) VAC - verifier of administrative role-based access control policies At 26th International Conference on Computer Aided Verification (CAV 2014), Austria. 18 - 22 Jul 2014. 8 pp.

Download

[img] PDF VAC14.pdf - Accepted Manuscript
Download (139kB)

Description/Abstract

In this paper we present Vac, an automatic tool for verifying security properties of administrative Role-based Access Control (RBAC). RBAC has become an increasingly popular access control model, particularly suitable for large organizations, and it is implemented in several software. Automatic security analysis of administrative RBAC systems is recognized as an important problem, as an analysis tool can help designers check whether their policies meet expected security properties. Vac converts administrative RBAC policies to imperative programs that simulate the policies both precisely and abstractly and supports several automatic verification back-ends to analyze the resulting programs. In this paper, we describe the architecture of Vac and overview the analysis techniques that have been implemented in the tool. We also report on experiments with several benchmarks from the literature.

Item Type: Conference or Workshop Item (Paper)
Venue - Dates: 26th International Conference on Computer Aided Verification (CAV 2014), Austria, 2014-07-18 - 2014-07-22
Related URLs:
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Organisations: Electronic & Software Systems
ePrint ID: 365363
Date :
Date Event
July 2014Published
Date Deposited: 03 Jun 2014 08:46
Last Modified: 23 Feb 2017 00:20
Further Information:Google Scholar
URI: http://eprints.soton.ac.uk/id/eprint/365363

Actions (login required)

View Item View Item