Dynamic access control: preserving safety and trust for network defense operations
Proceedings of the eighth ACM symposium on Access control models and technologies
Design of a Role-Based Trust-Management Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Verification and change-impact analysis of access-control policies
Proceedings of the 27th international conference on Software engineering
Looking Back at the Bell-La Padula Model
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Synthesising verified access control systems through model checking
Journal of Computer Security
Specification and Analysis of Dynamic Authorisation Policies
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
PDDL2.1: an extension to PDDL for expressing temporal planning domains
Journal of Artificial Intelligence Research
A logic for state-modifying authorization policies
ACM Transactions on Information and System Security (TISSEC)
Specifying and reasoning about dynamic access-control policies
IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning
Model checking agent knowledge in dynamic access control policies
TACAS'13 Proceedings of the 19th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Science of Computer Programming
Hi-index | 0.00 |
We present a new approach for automated knowledge-based verification of access control policies. The verification method not only discovers if a vulnerability exists, but also produces the strategies that can be used by the attacker to exploit the vulnerability. It investigates the information needed by the attacker to achieve the goal and whether he acquires that information when he proceeds through the strategy or not. We provide a policy language for specifying access control rules and the corresponding query language that is suited for expressing the properties we aim to verify. The policy language is expressive enough to handle integrity constraints and policy invariants. Finally, we compare the results and enhancements of the current method - implemented as a policy verification tool called PoliVer - over similar works in the context of dynamic access control policy verification.