A layered design of discretionary access controls with decidable safety properties

Solworth, Jon A.; Sloan, Robert H.

doi:10.1109/secpri.2004.1301315

Cited by 23 publications

(42 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These models all have subcases where safety is decidable. Solworth and Sloan [44] introduced discretionary access control model in which safety is decidable. This thread of research has proposed many new access control schemes, but has had limited impact on access control systems used in practice.…”

Section: Related Workmentioning

confidence: 99%

Automatic error finding in access-control policies

Jayaraman

Ganesh

Tripunitara

et al. 2011

Proceedings of the 18th ACM Conference on Computer and Communications Security

View full text Add to dashboard Cite

Access-control policies are a key infrastructural technology for computer security. However, a significant problem is that system administrators need to be able to automatically verify whether their policies capture the intended security goals. To address this important problem, researchers have proposed many automated verification techniques. Despite considerable progress in verification techniques, scalability is still a significant issue. Hence, in this paper we propose that error finding complements verification, and is a fruitful way of checking whether or not access control policies implement the security intent of system administrators. Error finding is more scalable (at the cost of completeness), and allows for the use of a wider variety of techniques.In this paper, we describe an abstraction-refinement based technique and its implementation, the MOHAWK tool, aimed at finding errors in ARBAC access-control policies. The key insight behind our abstraction-refinement technique is that it is more efficient to look for errors in an abstract policy (with successive refinements, if necessary) than its complete counterpart.MOHAWK accepts as input an access-control policy and a safety question. If MOHAWK finds an error in the input policy, it terminates with a sequence of actions that cause the error. We provide an extensive comparison of MOHAWK with the current state-ofthe-art analysis tools. We show that MOHAWK scales very well as the size and complexity of the input policies increase, and is orders of magnitude faster than competing tools. The MOHAWK tool is open source and available from the Google Code website:

show abstract

Section: Related Workmentioning

confidence: 99%

Automatic error finding in access-control policies

Jayaraman

Ganesh

Tripunitara

et al. 2011

Proceedings of the 18th ACM Conference on Computer and Communications Security

View full text Add to dashboard Cite

show abstract

“…These models all have subcases where safety is decidable. Solworth and Sloan [42] introduced a discretionary access control model in which safety is decidable. This thread of research has produced many new access control schemes but has had limited impact on access control systems used in practice, probably because the proposed schemes are either too simplistic to be useful or too arcane to be usable.…”

Section: Related Workmentioning

confidence: 99%

Towards Formal Verification of Role-Based Access Control Policies

Jha

Tripunitara

et al. 2008

IEEE Trans. Dependable and Secure Comput.

106

View full text Add to dashboard Cite

Abstract-Specifying and managing access control policies is a challenging problem. We propose to develop formal verification techniques for access control policies to improve the current state of the art of policy specification and management. In this paper, we formalize classes of security analysis problems in the context of Role-Based Access Control. We show that in general these problems are PSPACE-complete. We also study the factors that contribute to the computational complexity by considering a lattice of various subcases of the problem with different restrictions. We show that several subcases remain PSPACE-complete, several further restricted subcases are NP-complete, and identify two subcases that are solvable in polynomial time. We also discuss our experiences and findings from experimentations that use existing formal method tools, such as model checking and logic programming, for addressing these problems.

show abstract

“…The well-known "HRU model" describes a simple matrix-based access control model, with the surprising property that even if every policy in a system can be efficiently evaluated, security analysis can be undecidable [18]. This is not the case for every access control model; security analyses of some existing access control systems without the same expressiveness as the HRU model can be decidable while still allowing useful policies to be expressed [24,32]. Unfortunately, it is easy to show that the HRU model can be simulated in TD: Theorem 1.…”

Section: Security Analysis and Decidabilitymentioning

confidence: 99%

A formal framework for reflective database access control policies

Olson

Gunter

Madhusudan

2008

Proceedings of the 15th ACM Conference on Computer and Communications Security

View full text Add to dashboard Cite

Reflective Database Access Control (RDBAC) is a model in which a database privilege is expressed as a database query itself, rather than as a static privilege contained in an access control list. RDBAC aids the management of database access controls by improving the expressiveness of policies. However, such policies introduce new interactions between data managed by different users, and can lead to unexpected results if not carefully written and analyzed. We propose the use of Transaction Datalog as a formal framework for expressing reflective access control policies. We demonstrate how it provides a basis for analyzing certain types of policies and enables secure implementations that can guarantee that configurations built on these policies cannot be subverted.

show abstract

A layered design of discretionary access controls with decidable safety properties

Abstract: Abstract

Cited by 23 publications

References 20 publications

Automatic error finding in access-control policies

Automatic error finding in access-control policies

Towards Formal Verification of Role-Based Access Control Policies

A formal framework for reflective database access control policies

Contact Info

Product

Resources

About