We present a framework for evaluating and generating access control policies. The framework contains a modelling formalism called RW, which is supported by a model checking tool. RW is designed for modelling access control policies and verifying their properties. The RW language is very expressive, allowing us to model complex access conditions which can depend on data values, other permissions, and agent roles. A property expresses the capability of a coalition of agents to achieve a goal, which may include reading and overwriting certain information. Given a property and a model built from a policy, the model-checking algorithm decides whether the goal defined by the property is achievable by the coalition within the permissions the policy provides. If the goal is achievable, the algorithm outputs strategies which the coalition may use to achieve it. The unachievability of legitimate goals may suggest that the policy does not give users enough permissions to carry out their actions. The achievability of malicious goals may reveal security holes in the policy. When malicious goals are achievable, the resulting strategies provide clues for amending the policy. The tool implements the algorithm and thus performs the RW model checking. It can also convert a policy written in the RW language into a policy file in XACML. An access control system can then be built on the converted policy file.
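The coalition-goal check described above can be illustrated with a small explicit-state search. This is an added example in plain Python, not RW syntax and not the tool's algorithm. The agents, the `mgr`/`deputy` flags, the `bonus` resource and the policy rules are all constructed for illustration.

```python
from collections import deque
from itertools import product

# Constructed toy policy (plain Python, not RW syntax). A state is the
# frozenset of boolean facts that currently hold, e.g. ("mgr", "alice").
AGENTS = ("alice", "bob")
FLAGS = [(role, a) for role in ("mgr", "deputy") for a in AGENTS]

def may_write(state, actor, flag, value, fixed=False):
    role, target = flag
    if ("mgr", actor) in state:            # managers administer every flag
        return True
    if role == "mgr":                      # deputies may appoint managers
        return ("deputy", actor) in state
    # Intended rule: a deputy may step down. The loose version lets any
    # agent overwrite their own deputy flag with either value.
    return actor == target and (value is False if fixed else True)

def may_read_bonus(state, actor):
    return ("mgr", actor) in state         # read access depends on role

def find_strategy(init, coalition, fixed=False):
    """Breadth-first search over states reachable by coalition actions only.
    Returns the shortest action list ending in a read of 'bonus', or None."""
    seen, queue = {init}, deque([(init, [])])
    while queue:
        state, plan = queue.popleft()
        for actor in coalition:
            if may_read_bonus(state, actor):
                return plan + [(actor, "read", "bonus")]
        for actor, flag, value in product(coalition, FLAGS, (True, False)):
            if not may_write(state, actor, flag, value, fixed):
                continue
            nxt = state | {flag} if value else state - {flag}
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, plan + [(actor, "set", flag, value)]))
    return None

INIT = frozenset({("mgr", "alice")})       # only alice is a manager

if __name__ == "__main__":
    print(find_strategy(INIT, ("bob",)))              # loose policy
    print(find_strategy(INIT, ("bob",), fixed=True))  # corrected policy
```

Under the loose rule the returned strategy names the two overwrites that expose the hole, which is the clue for amending the policy; with the rule restricted to stepping down, the same goal is unachievable for the coalition `{bob}`.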