Dynamic Access Control Policies
The Computer Journal
Access control mechanisms protect critical resources of systems from unauthorized access. In a policy-based management approach, administrators define user privileges as rules that determine the conditions and the extent of users' access rights. As rules become more complex, analytical skills are required to identify conflicts and interactions within the rules that comprise a system policy, especially when rules are stateful and depend on event histories. Without adequate tool support, such an analysis is error-prone and expensive. In consequence, many policy specifications are inconsistent or conflicting, which renders the system insecure. The security of the system, however, depends not only on the correct specification of the security policy but also, in large part, on the correct interpretation of those rules by the system's enforcement mechanism.

In this paper, we show how policy rules can be formalized in Fusion Logic, a temporal logic for the specification of the behavior of systems. We provide a symbolic decision procedure for Fusion Logic based on Binary Decision Diagrams (BDDs), and we introduce a novel technique for constructing enforcement mechanisms for access control policy rules that uses a BDD-encoded enforcement automaton based on input traces which reflect state changes in the system. We provide examples of the verification of policy rules, such as absence of conflicts and dynamic separation of duty, and of the enforcement of policies, using our prototype implementation (FLCheck), for which we detail the underlying theory.