ACPT: A Tool for Modeling and Verifying Access Control Policies

Hwang, JeeHyun; Xie, Tao; Hu, Vincent C.; Altunay, Mine

doi:10.1109/policy.2010.22

Cited by 35 publications

(24 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Specifically, SAX stream API is employed as the parser to load an RBAC policy in XML (e.g. created by ACPT [26]) and produce the adjacency list A G . In turn, the T G is computed from the A G .…”

Section: Methodsmentioning

confidence: 99%

See 1 more Smart Citation

Verification of Secure Inter-operation Properties in Multi-domain RBAC Systems

Gouglidis

Mavridis

2013

2013 IEEE Seventh International Conference on Software Security and Reliability Companion

View full text Add to dashboard Cite

The increased complexity of modern access control (AC) systems stems partly from the need to support diverse and multiple administrative domains. Systems engineering is a key technology to manage this complexity since it is capable of assuring that an operational system will adhere to the initial conceptual design and defined requirements. Specifically, the verification stage of an AC system should be based on techniques that have a sound and mathematical underpinning. Working on this assumption, model checking techniques are applied for the verification of predefined system properties, and thus, conducting a security analysis of a system. In this paper, we propose the utilization of automated and error-free model checking techniques for the verification of security properties in multidomain AC systems. Therefore, we propose a formal definition in temporal logic of four AC system properties regarding secure inter-operation with Role-Based Access Control (RBAC) policies in order to be verified by using model checking. For this purpose, we demonstrate the implementation of a tool chain for expressing RBAC security policies, reasoning on role hierarchies and properly feeding the model checking process. The proposed approach can be applied in any RBAC model to efficiently detect non-conformance between an AC system and its security specifications. As a proof of concept, we provide examples illustrating the verification of the defined secure inter-operation properties in multi-domain RBAC policies.

show abstract

Section: Methodsmentioning

confidence: 99%

“…The technique is to verify specified AC properties against AC models using a black-box model checking method [5]. An implementationAccess Control Policy Tool (ACPT) [26] is developed by NIST Computer Security Division in corporation of North Carolina State University.…”

Section: Related Workmentioning

confidence: 99%

Verification of Secure Inter-operation Properties in Multi-domain RBAC Systems

Gouglidis

Mavridis

2013

2013 IEEE Seventh International Conference on Software Security and Reliability Companion

View full text Add to dashboard Cite

show abstract

“…In our work [7], we apply modeling checking tool ACPT (access control policy testing) [38] to specify policy models and their properties during policy modeling to assure that WBAC policies satisfy the security properties intended by the model.…”

Section: T) ∧ P Er-t R-a(tr Evaluator = {(Read Obj B ) (Write Obj mentioning

confidence: 99%

Work-Based Access Control Model for Cooperative Healthcare Environments: Formal Specification and Verification

Abomhara

Yang

Køien

et al. 2017

J Healthc Inform Res

View full text Add to dashboard Cite

In this study, an access control model for cooperative healthcare environments is presented. A work-based access control (WBAC) model is proposed by introducing the concept of team role classification based on Belbin team role theory and modifying the user-role assignment model from previous work. Roles are used in conjunction with team roles to handle access control in dynamic collaborative environments. To evaluate and analyze the security, efficiency, and practicality of the proposed model, we first formalize the model (events and policies), define the basic element set and relations in the WBAC model, present the WBAC authorization constraints, and define the WBAC access control decision function. Second, we evaluate the model's security and manageability validity to ensure that the security and management requirements of our WBAC model are met. Finally, we evaluate the performance of the proposed model and compare it with relevant existing models.

show abstract

“…The technique is to verify specified AC properties against AC models using a black-box model checking method [6]. An implementation --Access Control Policy Tool (ACPT) [23] is developed by NIST Computer Security Division in corporation of North Carolina State University.…”

Section: Fig 4 Operational Environmentmentioning

confidence: 99%

A Methodology for the Development and Verification of Access Control Systems in Cloud Computing

Gouglidis

Mavridis

2013

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Abstract. Cloud computing is an emergent technology that has generated significant interest in the marketplace and is forecasted for high growth. Moreover, Cloud computing has a great impact on different type of users from individual consumers and businesses to small and medium size (SMBs) and enterprise businesses. Although there are many benefits to adopting Cloud computing, there are significant barriers to adoption, viz. security and privacy. In this paper, we focus on carefully planning security aspects regarding access control of Cloud computing solutions before implementing them and, furthermore, on ensuring they satisfy particular organizational security requirements. Specifically, we propose a methodology for the development of access control systems. The methodology is capable of utilizing existing security requirements engineering approaches for the definition and evaluation of access control models, and verification of access control systems against organizational security requirements using techniques that are based on formal methods. A proof of concept example is provided that demonstrates the application of the proposed methodology on Cloud computing systems.

show abstract

ACPT: A Tool for Modeling and Verifying Access Control Policies

Cited by 35 publications

References 8 publications

Verification of Secure Inter-operation Properties in Multi-domain RBAC Systems

Verification of Secure Inter-operation Properties in Multi-domain RBAC Systems

Work-Based Access Control Model for Cooperative Healthcare Environments: Formal Specification and Verification

A Methodology for the Development and Verification of Access Control Systems in Cloud Computing

Contact Info

Product

Resources

About