NETRA:: seeing through access control

Authors:
Prasad Naldurg;Stefan Schwoon;Sriram Rajamani;John Lambert
Affiliations:
Microsoft Research India, Bangalore, India;Universität Stuttgart, Stuttgart, Germany;Microsoft Research India, Bangalore, India;Microsoft Corporation, Redmond, WA
Venue:
Proceedings of the fourth ACM workshop on Formal methods in security
Year:
2006

Citing 10
Cited 10

A comment on the `basic security theorem' of Bell and LaPadula

Information Processing Letters
The Specification and Modeling of Computer Security

Computer
A Linear Time Algorithm for Deciding Subject Security

Journal of the ACM (JACM)
Protection in operating systems

Communications of the ACM
Database Management Systems

Database Management Systems
Lattice-Based Access Control Models

Computer
The transfer of information and authority in a protection system

SOSP '79 Proceedings of the seventh ACM symposium on Operating systems principles
Policy management using access control spaces

ACM Transactions on Information and System Security (TISSEC)
Verifying information flow goals in security-enhanced Linux

Journal of Computer Security - Special issue on WITS'03
Microsoft Windows Internals, Fourth Edition: Microsoft Windows Server(TM) 2003, Windows XP, and Windows 2000 (Pro-Developer)

Microsoft Windows Internals, Fourth Edition: Microsoft Windows Server(TM) 2003, Windows XP, and Windows 2000 (Pro-Developer)

Security policy analysis using deductive spreadsheets

Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Extending logical attack graphs for efficient vulnerability analysis

Proceedings of the 15th ACM conference on Computer and communications security
EON: modeling and analyzing dynamic access control systems with logic programs

Proceedings of the 15th ACM conference on Computer and communications security
Modeling the trust boundaries created by securable objects

WOOT'08 Proceedings of the 2nd conference on USENIX Workshop on offensive technologies
Rewrite Based Specification of Access Control Policies

Electronic Notes in Theoretical Computer Science (ENTCS)
Heat-ray: combating identity snowball attacks using machinelearning, combinatorial optimization and attack graphs

Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Static and dynamic analysis: better together

APLAS'07 Proceedings of the 5th Asian conference on Programming languages and systems
Towards analyzing complex operating system access control configurations

Proceedings of the 15th ACM symposium on Access control models and technologies
Analyzing explicit information flow

ICISS'10 Proceedings of the 6th international conference on Information systems security
SEAL: a logic programming framework for specifying and verifying access control models

Proceedings of the 16th ACM symposium on Access control models and technologies

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present netra, a tool for systematically analyzing and detecting explicit information-flow vulnerabilities in access-control configurations. Our tool takes a snapshot of the access-control metadata, and performs static analysis on this snapshot. We devise an augmented relational calculus that naturally models both access control mechanisms and information-flow policies uniformly. This calculus is interpreted as a logic program, with a fixpoint semantics similar to Datalog, and produces all access tuples in a given configuration that violate properties of interest. Our analysis framework is programmable both at the model level and at the property level, effectively separating mechanism from policy. We demonstrate the effectiveness of this modularity by analyzing two systems with very different mechanisms for access control---Windows XP and SELinux---with the same specification of information-flow vulnerabilities. netra finds vulnerabilities in default configurations of both systems.