Typically, access control policies are either static or depend on independently maintained external state to achieve some notion of dynamism. While it is possible to fully verify the properties of static policies, any reference to external state will necessarily limit the scope of such verification. In this paper we explore the feasibility of describing self-modifying policies, which contain both rules for granting access and rules for modifying the policy itself. Policy-level constraints are used to define validity. Using these constraints, it becomes possible to verify both the current state of the policy and any possible future states. A working prototype is described which utilises a relational model finder to perform the verification. The prototype is capable of generating instances of failure cases and presenting them via a simple user interface.