Role-Based Access Control Models
Computer
The ARBAC97 model for role-based administration of roles
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Model checking
On the decidability of accessibility problems (extended abstract)
STOC '00 Proceedings of the thirty-second annual ACM symposium on Theory of computing
The role-based access control system of a European bank: a case study and discussion
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
The SLAM project: debugging system software via static analysis
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Safety Analysis of the Dynamic-Typed Access Matrix Model
ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
Administrative scope: A foundation for role-based administrative models
ACM Transactions on Information and System Security (TISSEC)
Advanced Features for Enterprise-Wide Role-Based Access Control
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
On protection in operating systems
SOSP '75 Proceedings of the fifth ACM symposium on Operating systems principles
Role-Based Access Control
Counterexample-guided abstraction refinement for symbolic model checking
Journal of the ACM (JACM)
Security analysis in role-based access control
Proceedings of the ninth ACM symposium on Access control models and technologies
Verification and change-impact analysis of access-control policies
Proceedings of the 27th international conference on Software engineering
Beyond proof-of-compliance: security analysis in trust management
Journal of the ACM (JACM)
Policy Analysis for Administrative Role Based Access Control
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Security analysis in role-based access control
ACM Transactions on Information and System Security (TISSEC)
A fault model and mutation testing of access control policies
Proceedings of the 16th international conference on World Wide Web
Analyzing web access control policies
Proceedings of the 16th international conference on World Wide Web
POLICY '07 Proceedings of the Eighth IEEE International Workshop on Policies for Distributed Systems and Networks
Journal of Computer Security - Special issue on CSFW15
Efficient policy analysis for administrative role based access control
Proceedings of the 14th ACM conference on Computer and communications security
Synthesising verified access control systems through model checking
Journal of Computer Security
Enabling verification and conformance testing for access control model
Proceedings of the 13th ACM symposium on Access control models and technologies
A Linear time algorithm for deciding security
SFCS '76 Proceedings of the 17th Annual Symposium on Foundations of Computer Science
Analyzing and Managing Role-Based Access Control Policies
IEEE Transactions on Knowledge and Data Engineering
Automated verification of access control policies using a SAT solver
International Journal on Software Tools for Technology Transfer (STTT)
Towards Formal Verification of Role-Based Access Control Policies
IEEE Transactions on Dependable and Secure Computing
Protection: principles and practice
AFIPS '72 (Spring) Proceedings of the May 16-18, 1972, spring joint computer conference
Property Verification for Generic Access Control Models
EUC '08 Proceedings of the 2008 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing - Volume 02
RBAC-PAT: A Policy Analysis Tool for Role Based Access Control
TACAS '09 Proceedings of the 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009,
Computing Over-Approximations with Bounded Model Checking
Electronic Notes in Theoretical Computer Science (ENTCS)
A decision procedure for bit-vectors and arrays
CAV'07 Proceedings of the 19th international conference on Computer aided verification
User-role reachability analysis of evolving administrative role based access control
ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Representation and reasoning on RBAC: a description logic approach
ICTAC'05 Proceedings of the Second international conference on Theoretical Aspects of Computing
Weighted pushdown systems and trust-management systems
TACAS'06 Proceedings of the 12th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Symbolic backward reachability with effectively propositional logic
Formal Methods in System Design
Mohawk: Abstraction-Refinement and Bound-Estimation for Verifying Access Control Policies
ACM Transactions on Information and System Security (TISSEC)
Policy analysis for self-administrated role-based access control
TACAS'13 Proceedings of the 19th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Heuristic safety analysis of access control models
Proceedings of the 18th ACM symposium on Access control models and technologies
A white-box policy analysis and its efficient implementation
Proceedings of the 18th ACM symposium on Access control models and technologies
Business Driven User Role Assignment: Nimble Adaptation of RBAC to Organizational Changes
International Journal of Information Security and Privacy
Policy analysis for administrative role based access control without separate administration
DBSec'13 Proceedings of the 27th international conference on Data and Applications Security and Privacy XXVII
| Hi-index | 0.00 |
Verifying that access-control systems maintain desired security properties is recognized as an important problem in security. Enterprise access-control systems have grown to protect tens of thousands of resources, and there is a need for verification to scale commensurately. We present a new abstraction-refinement technique for automatically finding errors in Administrative Role-Based Access Control (ARBAC) security policies. ARBAC is the first and most comprehensive administrative scheme for Role-Based Access Control (RBAC) systems. Underlying our approach is a change in mindset: we propose that error finding complements verification, can be more scalable, and allows for the use of a wider variety of techniques. In our approach, we use an abstraction-refinement technique to first identify and discard roles that are unlikely to be relevant to the verification question (the abstraction step), and then restore such abstracted roles incrementally (the refinement steps). Errors are one-sided: if there is an error in the abstracted policy, then there is an error in the original policy. If there is an error in a policy whose role-dependency graph diameter is smaller than a certain bound, then we find the error. Our abstraction-refinement technique complements conventional state-space exploration techniques such as model checking. We have implemented our technique in an access-control policy analysis tool. We show empirically that our tool scales well to realistic policies, and is orders of magnitude faster than prior tools.