Compositional Typed Analysis of ARBAC Policies

Calzavara, Stefano; Rabitti, Alvise; Bugliesi, Michele

doi:10.1109/csf.2015.10

Cited by 6 publications

(2 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Calzavara et al [33] continue this line of research by proposing a security type system for verifying information flow in ARBAC policies. In particular, their type system can address the role reachability problem and offers a compositional technique.…”

Section: Related Workmentioning

confidence: 99%

IFCIL: An Information Flow Configuration Language for SELinux (Extended Version)

Ceragioli¹,

Galletta²,

Degano³

et al. 2022

Preprint

View full text Add to dashboard Cite

Security Enhanced Linux (SELinux) is a security architecture for Linux implementing mandatory access control. It has been used in numerous security-critical contexts ranging from servers to mobile devices. But this is challenging as SELinux security policies are difficult to write, understand, and maintain. Recently, the intermediate language CIL was introduced to foster the development of high-level policy languages and to write structured configurations. However, CIL lacks mechanisms for ensuring that the resulting configurations obey desired information flow policies. To remedy this, we propose IFCIL, a backward compatible extension of CIL for specifying finegrained information flow requirements for CIL configurations. Using IFCIL, administrators can express, e.g., confidentiality, integrity, and non-interference properties. We also provide a tool to statically verify these requirements.• We present the language IFL for expressing complex, fine-grained, information flow requirements in a declarative and compositional way, including confidentiality, integrity, and non-transitive information flow properties. IFL requirements can be extended through refinement and various access control languages can easily be augmented

show abstract

Section: Related Workmentioning

confidence: 99%

IFCIL: An Information Flow Configuration Language for SELinux (Extended Version)

Ceragioli¹,

Galletta²,

Degano³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…There is a long line of works on the safety analysis of access control policies that started with the seminal paper [17]. To the best of our knowledge, Li and Tripunitara [23] were the first to introduce security analysis in the context of ARBAC, followed by many papers, e.g., [21,3,38,24,39,6,1,7,18,15,31,28,44,10]. The idea underlying such works is to reduce safety analysis to graph manipulation [21,3,38] or fix-point computation performed either by Logic Programming (as in [24]) or model checking (as in [39,6,1,7,18,15,31,28,44]).…”

Section: Related Workmentioning

confidence: 99%

Automated and efficient analysis of administrative temporal RBAC policies with role hierarchies

Ranise

Truong

Viganò

2018

JCS

View full text Add to dashboard Cite

Temporal role-based access control models support the specification and enforcement of several temporal constraints on role enabling, role activation, and temporal role hierarchies among others. In this paper, we define three mappings that preserve the solutions to a class of policy problems: they map security analysis problems in presence of static temporal role hierarchies to problems without them. We show how our mappings can be used to extend the capabilities of a tool for the analysis of administrative temporal role-based access control policies to reason in presence of temporal role hierarchies. We carried out an experimental evaluation with a prototype implementation, which highlighted that one of the proposed mappings behaves better than the other two. To the best of our knowledge, ours is the first tool capable of reasoning with (static) temporal role hierarchies.

show abstract