Verification and change-impact analysis of access-control policies

Fisler, Kathi; Krishnamurthi, Shriram; Meyerovich, Leo A.; Tschantz, Michael Carl

doi:10.1109/icse.2005.1553562

Cited by 108 publications

(133 citation statements)

References 17 publications

Supporting

Mentioning

133

Contrasting

Order By: Relevance

“…Furthermore, these differences should be first-class objects, amenable to querying and verification just as policies are. The ability to analyze differences matters because authors can often state precise expectations of changes even if they cannot state global system properties, as Fisler et al [14] discuss. This is therefore an important problem for future work.…”

Section: Lemma 15mentioning

confidence: 99%

“…Fisler et al [14] have implemented both verification and semantic differencing for role-based policies, but their work handles only weaker (propositional rather than relational) policy models and ignores the impact of the dynamic environment.…”

Section: Related Workmentioning

confidence: 99%

“…Several researchers, including the authors, have tried building policy analysis tools atop Alloy [14,21,39], but these all assume non-dynamic environments. Alloy's support for temporal reasoning is limited to properties of small bounded-length paths.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Specifying and Reasoning About Dynamic Access-Control Policies

Dougherty¹,

Fisler²,

Krishnamurthi

2006

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Access-control policies have grown from simple matrices to non-trivial specifications written in sophisticated languages. The increasing complexity of these policies demands correspondingly strong automated reasoning techniques for understanding and debugging them. The need for these techniques is even more pressing given the rich and dynamic nature of the environments in which these policies evaluate. We define a framework to represent the behavior of accesscontrol policies in a dynamic environment. We then specify several interesting, decidable analyses using first-order temporal logic. Our work illustrates the subtle interplay between logical and state-based methods, particularly in the presence of three-valued policies. We also define a notion of policy equivalence that is especially useful for modular reasoning.

show abstract

Section: Lemma 15mentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Specifying and Reasoning About Dynamic Access-Control Policies

Dougherty¹,

Fisler²,

Krishnamurthi

2006

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Such holes typically cannot be identified by the imagination of designers; scarcely can they be detected by most of traditional approaches, such as static analysis [2,10] and policy-querying [14].…”

Section: Introductionmentioning

confidence: 99%

“…Fisler, Krishnamurthi, Meyerovich and Tschantz [14] have created Margrave, a software suite for analysing role based access control policies. Halpern and Weissman [19] have demonstrated how a fragment of first-order logic can be used to represent and reason about access control policies.…”

Section: Introductionmentioning

confidence: 99%

Synthesising verified access control systems through model checking

Zhang

Ryan

Guelev

2008

JCS

View full text Add to dashboard Cite

We present a framework for evaluating and generating access control policies. The framework contains a modelling formalism called RW, which is supported by a model checking tool. RW is designed for modelling access control policies, and verifying their properties. The RW language is very expressive, allowing us to model complex access conditions which can depend on data values, other permissions, and agent roles.A property expresses the capability of a coalition of agents to achieve a goal, which may include reading and overwriting certain information. Given a model built based on a policy and a property, the model-checking algorithm decides whether the goal defined by the property is achievable by the coalition within the permissions the policy provides. In the case that the goal is achievable, the algorithm outputs strategies which may be used by the coalition to achieve the goal.The unachievability of legitimate goals may suggest that the policy does not provide the users enough permissions to carry out their actions. The achievability of malicious goals may reveal certain security holes in the policy. When malicious goals are achievable, the resulting strategies help to provide clues on amending the policy. The tool implements the algorithm and thus performs the RW model-checking. It can also convert a policy written in the RW language into a policy file in XACML. An access control system can then be built on the converted policy file.

show abstract

GOLD infrastructure for virtual organizations

Periorellis

Cook

Hiden

et al. 2008

Concurrency and Computation

View full text Add to dashboard Cite

SUMMARYThe paper discusses the GOLD project (Grid-based Information Models to Support the Rapid Innovation of New High Value-Added Chemicals) whose principal aim is to carry out research and development into enabling technologies to support the formation, operation and termination of virtual organizations. The paper discusses the outcome of this research, which is the GOLD Middleware infrastructure. The infrastructure has been implemented in the form of a set of Middleware components, which address issues such as trust, security, contract monitoring and enforcement, information management and coordination. We discuss all these issues in turn and more importantly we demonstrate how current WS standards can be used to implement these issues. In addition, the paper follows a top down approach starting with a brief outline on the architectural elements derived during the requirements engineering phase and demonstrates how these elements were mapped onto actual services that were implemented according to service-oriented architecture principles and related technologies.

show abstract

Verification and change-impact analysis of access-control policies

Cited by 108 publications

References 17 publications

Specifying and Reasoning About Dynamic Access-Control Policies

Specifying and Reasoning About Dynamic Access-Control Policies

Synthesising verified access control systems through model checking

GOLD infrastructure for virtual organizations

Contact Info

Product

Resources

About