Role-based trust management security policy analysis and correction environment (RT-SPACE)
Companion of the 30th international conference on Software engineering
A Verification Framework for Temporal RBAC with Role Hierarchy (Short Paper)
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Towards formal security analysis of GTRBAC using timed automata
Proceedings of the 14th ACM symposium on Access control models and technologies
Symbolic reachability analysis for parameterized administrative role based access control
Proceedings of the 14th ACM symposium on Access control models and technologies
Proceedings of the 15th ACM symposium on Access control models and technologies
User-role reachability analysis of evolving administrative role based access control
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Towards automatic update of access control policy
LISA'10 Proceedings of the 24th international conference on Large installation system administration
Access nets: modeling access to physical spaces
VMCAI'11 Proceedings of the 12th international conference on Verification, model checking, and abstract interpretation
Efficient symbolic automated analysis of administrative attribute-based RBAC-policies
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
An authorization scheme for version control systems
Proceedings of the 16th ACM symposium on Access control models and technologies
Policy analysis for Administrative Role-Based Access Control
Theoretical Computer Science
Automatic error finding in access-control policies
Proceedings of the 18th ACM conference on Computer and communications security
Survey Paper: A survey on policy languages in network and security management
Computer Networks: The International Journal of Computer and Telecommunications Networking
Refinement-based design of a group-centric secure information sharing model
Proceedings of the second ACM conference on Data and Application Security and Privacy
Abductive analysis of administrative policies in rule-based access control
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Towards access control model engineering
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Analyzing temporal role based access control models
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Mohawk: Abstraction-Refinement and Bound-Estimation for Verifying Access Control Policies
ACM Transactions on Information and System Security (TISSEC)
Policy analysis for self-administrated role-based access control
TACAS'13 Proceedings of the 19th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Reachability analysis for role-based administration of attributes
Proceedings of the 2013 ACM workshop on Digital identity management
Formal verification of security properties in trust management policy
Journal of Computer Security
| Hi-index | 0.00 |
Specifying and managing access control policies is a challenging problem. We propose to develop formal verification techniques for access control policies to improve the current state of the art of policy specification and management. In this paper, we formalize classes of security analysis problems in the context of Role-Based Access Control. We show that in general these problems are PSPACE-complete. We also study the factors that contribute to the computational complexity by considering a lattice of various subcases of the problem with different restrictions. We show that several subcases remain PSPACE-complete, several further restricted subcases are NP-complete, and identify two subcases that are solvable in polynomial time. We also discuss our experiences and findings from experimentations that use existing formal method tools, such as model checking and logic programming, for addressing these problems.