Model-based security engineering uses formal security models for specifying and analyzing access control systems. Tool-based model analysis encounters a fundamental difficulty here: on the one hand, real-world access control systems are generally quite large and complex and require models that have high expressive power. On the other hand, analysis of such models is often hampered by computational complexity or even undecidability, making it difficult to devise algorithms for automated analysis tools. One approach to this problem is to limit the expressive power of the modeling calculus, which restricts the spectrum of application scenarios that can be modeled. In this paper we propose a different approach: a heuristic-based method for analyzing the safety properties of access control models with full expressive power. Aiming at generality, the paper focuses on the lineage of HRU-style, automaton-based access control models that are fundamental for modeling the dynamic behavior of contemporary role-based or attribute-based access control systems. The paper motivates a heuristic-based approach to model analysis, describes in detail a heuristic model safety analysis algorithm, and discusses its computational complexity. The algorithm is the core of a security model analysis tool within the context of a security policy engineering workbench; a formal description of major components of its heuristic-based symbolic model execution engine is given, and its capacity to analyze complex real-world access control systems is evaluated.