Model-Checking Access Control Policies

Guelev, Dimitar P.; Ryan, Mark; Schobbens, Pierre‐Yves

doi:10.1007/978-3-540-30144-8_19

Cited by 46 publications

(46 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For instance, Jha et al [16] present a formalization of various RBAC models and characterize the computational complexity of some analysis problems. Guelev et alpresent a model-checking approach for verifying both the permissivity as well as the security of access control policies [11].…”

Section: Related Workmentioning

confidence: 99%

Access Nets: Modeling Access to Physical Spaces

Frohardt

Chang

Sankaranarayanan

2011

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Electronic, software-managed mechanisms using, for example, radiofrequency identification (RFID) cards, enable great flexibility in specifying access control policies to physical spaces. For example, access rights may vary based on time of day or could differ in normal versus emergency situations. With such fine-grained control, understanding and reasoning about what a policy permits becomes surprisingly difficult requiring knowledge of permission levels, spatial layout, and time. In this paper, we present a formal modeling framework, called ACCESS NETS, suitable for describing a combination of access permissions, physical spaces, and temporal constraints. Furthermore, we provide evidence that model checking techniques are effective in reasoning about physical access control policies. We describe our results from a tool that uses reachability analysis to validate security policies.

show abstract

Section: Related Workmentioning

confidence: 99%

Access Nets: Modeling Access to Physical Spaces

Frohardt

Chang

Sankaranarayanan

2011

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…The correction of the error led to a great performance improvement. Pierre-Yves Schobbens should also be acknowledged for his contributions to the formulation of RW in [16]. Hasan Qunoo pointed out some typographical errors and made some useful suggestions about the presentation.…”

Section: Acknowledgementsmentioning

confidence: 99%

Synthesising verified access control systems through model checking

Zhang

Ryan

Guelev

2008

JCS

Self Cite

View full text Add to dashboard Cite

We present a framework for evaluating and generating access control policies. The framework contains a modelling formalism called RW, which is supported by a model checking tool. RW is designed for modelling access control policies, and verifying their properties. The RW language is very expressive, allowing us to model complex access conditions which can depend on data values, other permissions, and agent roles.A property expresses the capability of a coalition of agents to achieve a goal, which may include reading and overwriting certain information. Given a model built based on a policy and a property, the model-checking algorithm decides whether the goal defined by the property is achievable by the coalition within the permissions the policy provides. In the case that the goal is achievable, the algorithm outputs strategies which may be used by the coalition to achieve the goal.The unachievability of legitimate goals may suggest that the policy does not provide the users enough permissions to carry out their actions. The achievability of malicious goals may reveal certain security holes in the policy. When malicious goals are achievable, the resulting strategies help to provide clues on amending the policy. The tool implements the algorithm and thus performs the RW model-checking. It can also convert a policy written in the RW language into a policy file in XACML. An access control system can then be built on the converted policy file.

show abstract

“…More recent works support state transitions over richer models of access control and properties beyond safety [3,17,25,31,32,36]. Our model is unique in separating the static policy from its dynamic environment.…”

Section: Related Workmentioning

confidence: 99%

“…Guelev et al reduce access control policies to state machines over propositions by encoding each first-order relational term as a separate proposition [17]. They provide propositional temporal logic verification, but do not consider policy comparison.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Specifying and Reasoning About Dynamic Access-Control Policies

Dougherty¹,

Fisler²,

Krishnamurthi

2006

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Access-control policies have grown from simple matrices to non-trivial specifications written in sophisticated languages. The increasing complexity of these policies demands correspondingly strong automated reasoning techniques for understanding and debugging them. The need for these techniques is even more pressing given the rich and dynamic nature of the environments in which these policies evaluate. We define a framework to represent the behavior of accesscontrol policies in a dynamic environment. We then specify several interesting, decidable analyses using first-order temporal logic. Our work illustrates the subtle interplay between logical and state-based methods, particularly in the presence of three-valued policies. We also define a notion of policy equivalence that is especially useful for modular reasoning.

show abstract

Model-Checking Access Control Policies

Cited by 46 publications

References 15 publications

Access Nets: Modeling Access to Physical Spaces

Access Nets: Modeling Access to Physical Spaces

Synthesising verified access control systems through model checking

Specifying and Reasoning About Dynamic Access-Control Policies

Contact Info

Product

Resources

About