On the Construction and Verification of Self-modifying Access Control Policies
SDM '09 Proceedings of the 6th VLDB Workshop on Secure Data Management
An XACML extension for business process-centric access control policies
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
Automatic conformance checking of role-based access control policies via alloy
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Automatic error finding in access-control policies
Proceedings of the 18th ACM conference on Computer and communications security
Automated and efficient analysis of role-based access control with attributes
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
Mohawk: Abstraction-Refinement and Bound-Estimation for Verifying Access Control Policies
ACM Transactions on Information and System Security (TISSEC)
A white-box policy analysis and its efficient implementation
Proceedings of the 18th ACM symposium on Access control models and technologies
| Hi-index | 0.00 |
Managing access control policies in modern computer systems can be challenging and error-prone. Combining multiple disparate access policies can introduce unintended consequences. In this paper, we present a formal model for specifying access to resources, a model that encompasses the semantics of the xacml access control language. From this model we define several ordering relations on access control policies that can be used to automatically verify properties of the policies. We present a tool for automatically verifying these properties by translating these ordering relations to Boolean satisfiability problems and then applying a sat solver. Our experimental results demonstrate that automated verification of xacml policies is feasible using this approach.