A knowledge-based verification method for dynamic access control policies

Authors:
Masoud Koleini;Mark Ryan
Affiliations:
University of Birmingham, Birmingham, UK;University of Birmingham, Birmingham, UK
Venue:
ICFEM'11 Proceedings of the 13th international conference on Formal methods and software engineering
Year:
2011

Citing 9
Cited 2

Dynamic access control: preserving safety and trust for network defense operations

Proceedings of the eighth ACM symposium on Access control models and technologies
Design of a Role-Based Trust-Management Framework

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Verification and change-impact analysis of access-control policies

Proceedings of the 27th international conference on Software engineering
Looking Back at the Bell-La Padula Model

ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Synthesising verified access control systems through model checking

Journal of Computer Security
Specification and Analysis of Dynamic Authorisation Policies

CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
PDDL2.1: an extension to PDDL for expressing temporal planning domains

Journal of Artificial Intelligence Research
A logic for state-modifying authorization policies

ACM Transactions on Information and System Security (TISSEC)
Specifying and reasoning about dynamic access-control policies

IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning

Model checking agent knowledge in dynamic access control policies

TACAS'13 Proceedings of the 19th international conference on Tools and Algorithms for the Construction and Analysis of Systems
The logic of XACML

Science of Computer Programming

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present a new approach for automated knowledge-based verification of access control policies. The verification method not only discovers if a vulnerability exists, but also produces the strategies that can be used by the attacker to exploit the vulnerability. It investigates the information needed by the attacker to achieve the goal and whether he acquires that information when he proceeds through the strategy or not. We provide a policy language for specifying access control rules and the corresponding query language that is suited for expressing the properties we aim to verify. The policy language is expressive enough to handle integrity constraints and policy invariants. Finally, we compare the results and enhancements of the current method - implemented as a policy verification tool called PoliVer - over similar works in the context of dynamic access control policy verification.