Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Fast Algorithms for Mining Association Rules in Large Databases
VLDB '94 Proceedings of the 20th International Conference on Very Large Data Bases
The Ponder Policy Specification Language
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Verification and change-impact analysis of access-control policies
Proceedings of the 27th international conference on Software engineering
Inferring Access-Control Policy Properties via Machine Learning
POLICY '06 Proceedings of the Seventh IEEE International Workshop on Policies for Distributed Systems and Networks
A fault model and mutation testing of access control policies
Proceedings of the 16th international conference on World Wide Web
Efficient policy analysis for administrative role based access control
Proceedings of the 14th ACM conference on Computer and communications security
Detecting and resolving policy misconfigurations in access-control systems
Proceedings of the 13th ACM symposium on Access control models and technologies
Assessing Quality of Policy Properties in Verification of Access Control Policies
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
Hi-index | 0.00 |
Access control mechanisms are used to control which principals (such as users or processes) have access to which resources based on access control policies. To ensure the correctness of access control policies, policy authors conduct policy verification to check whether certain properties are satisfied by a policy. However, these properties are often not written in practice. To facilitate property verification, we present an approach that automatically mines likely properties from a policy via the technique of association rule mining. In our approach, mined likely properties may not be true for all the policy behaviors but are true for most of the policy behaviors. The policy behaviors that do not satisfy likely properties could be faulty. Therefore, our approach then conducts likely-property verification to produce counterexamples, which are used to help policy authors identify faulty rules in the policy. To show the effectiveness of our approach, we conduct evaluation on four XACML policies. Our evaluation results show that our approach achieves more than 30% higher fault-detection capability than that of an existing approach. Our approach includes additional techniques such as basic and prioritization techniques that help reduce a significant percentage of counterexamples for inspection compared to the existing approach.