RBAC-PAT: A Policy Analysis Tool for Role Based Access Control

Gofman, Mikhail; Luo, Ren C.; Solomon, Ayla C.; Zhang, Yingbin; Yang, Ping; Stoller, Scott D.

doi:10.1007/978-3-642-00768-2_4

Cited by 41 publications

(64 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…ReduceAdmin evaluation. We evaluate ReduceAdmin on two sets of realistic ARBAC policies without separate administration, used in several case studies [22,7,9,21]: a hospital and a university policy [19]. Table 3 summarizes the results of our evaluation.…”

Section: Resultsmentioning

confidence: 99%

“…Stoller et al [22] identify the fixedparameter complexity of the problem, and show that the problem is tractable if we fix the number of roles. Their techniques are implemented in the RBAC-PAT tool [7]. In more recent work, Stoller et al have extended the ARBAC model to parameterized ARBAC that allows conditions that depend on parameters [21].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Policy Analysis for Self-administrated Role-Based Access Control

Ferrara

Madhusudan

Parlato

2013

Tools and Algorithms for the Construction and Analysis of Systems

View full text Add to dashboard Cite

Abstract. Current techniques for security analysis of administrative role-based access control (ARBAC) policies restrict themselves to the separate administration assumption that essentially separates administrative roles from regular ones. The naive algorithm of tracking all users is all that is known for the security analysis of ARBAC policies without separate administration, and the state space explosion that this results in precludes building effective tools. In contrast, the separate administration assumption greatly simplifies the analysis since it makes it sufficient to track only one user at a time. However, separation limits the expressiveness of the models and restricts modeling distributed administrative control. In this paper, we undertake a fundamental study of analysis of ARBAC policies without the separate administration restriction, and show that analysis algorithms can be built that track only a bounded number of users, where the bound depends only on the number of administrative roles in the system. Using this fundamental insight paves the way for us to design an involved heuristic to further tame the state space explosion in practical systems. Our results are also very effective when applied on policies designed under the separate administration restriction. We implement our techniques and report on experiments conducted on several realistic case studies.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Policy Analysis for Self-administrated Role-Based Access Control

Ferrara

Madhusudan

Parlato

2013

Tools and Algorithms for the Construction and Analysis of Systems

View full text Add to dashboard Cite

show abstract

“…Fisler et al transform access control policies into decision diagrams that can be queried [17]; Hughes and Bultan use a SAT solver on XACML policies to verify that the policy conforms to some properties [19]. Gofman et al verify properties of RBAC and ARBAC (another RBAC extension) models using RBAC-PAT [18]. The Ponder2 framework also provides policy verification capabilities, using event calculus [6].…”

Section: Access Control and Verificationmentioning

confidence: 99%

Run-time generation, transformation, and verification of access control models for self-protection

Bailey

Montrieux

Lemos

et al. 2014

Proceedings of the 9th International Symposium on Software Engineering for Adaptive and Self-Managing Systems

View full text Add to dashboard Cite

Self-adaptive access control, in which self-* properties are applied to protecting systems, is a promising solution for the handling of malicious user behaviour in complex infrastructures. A major challenge in self-adaptive access control is ensuring that chosen adaptations are valid, and produce a satisfiable model of access. The contribution of this paper is the generation, transformation and verification of Role Based Access Control (RBAC) models at run-time, as a means for providing assurances that the adaptations to be deployed are valid. The goal is to protect the system against insider threats by adapting at run-time the access control policies associated with system resources, and access rights assigned to users. Depending on the type of attack, and based on the models from the target system and its environment, the adapted access control models need to be evaluated against the RBAC metamodel, and the adaptation constraints related to the application. The feasibility of the proposed approach has been demonstrated in the context of a fully working prototype using malicious scenarios inspired by a well documented case of insider attack.

show abstract

“…Automated analysis and verification of access-control policies is an active area of research [11,15,[19][20][21][22][23]28,29,31,41,43,46,49,50]. Model checking [8] has emerged as a promising, automated approach [15,23,46] to the verification problem.…”

Section: Introductionmentioning

confidence: 99%

“…Model checking [8] has emerged as a promising, automated approach [15,23,46] to the verification problem. In this approach, a model checker takes as input an access-control policy and a security property, and declares whether or not the policy adheres to the input security property.…”

Section: Introductionmentioning

confidence: 99%

Automatic error finding in access-control policies

Jayaraman

Ganesh

Tripunitara

et al. 2011

Proceedings of the 18th ACM Conference on Computer and Communications Security

View full text Add to dashboard Cite

Access-control policies are a key infrastructural technology for computer security. However, a significant problem is that system administrators need to be able to automatically verify whether their policies capture the intended security goals. To address this important problem, researchers have proposed many automated verification techniques. Despite considerable progress in verification techniques, scalability is still a significant issue. Hence, in this paper we propose that error finding complements verification, and is a fruitful way of checking whether or not access control policies implement the security intent of system administrators. Error finding is more scalable (at the cost of completeness), and allows for the use of a wider variety of techniques.In this paper, we describe an abstraction-refinement based technique and its implementation, the MOHAWK tool, aimed at finding errors in ARBAC access-control policies. The key insight behind our abstraction-refinement technique is that it is more efficient to look for errors in an abstract policy (with successive refinements, if necessary) than its complete counterpart.MOHAWK accepts as input an access-control policy and a safety question. If MOHAWK finds an error in the input policy, it terminates with a sequence of actions that cause the error. We provide an extensive comparison of MOHAWK with the current state-ofthe-art analysis tools. We show that MOHAWK scales very well as the size and complexity of the input policies increase, and is orders of magnitude faster than competing tools. The MOHAWK tool is open source and available from the Google Code website:

show abstract

RBAC-PAT: A Policy Analysis Tool for Role Based Access Control

Cited by 41 publications

References 6 publications

Policy Analysis for Self-administrated Role-Based Access Control

Policy Analysis for Self-administrated Role-Based Access Control

Run-time generation, transformation, and verification of access control models for self-protection

Automatic error finding in access-control policies

Contact Info

Product

Resources

About