Formal Specification and Validation of Security Policies

Bourdier, Tony; Cirstea, Horatiu; Jaume, Mathieu; Kirchner, Hélène

doi:10.1007/978-3-642-27901-0_12

Cited by 8 publications

(7 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The specification of policies by means of rewriting systems allows, not only to take advantage of the extensive theory of rewriting to establish security properties, as shown in [49,23,15] amongst other works, but also to make use of rewriting-based frameworks (such as CiME, MAUDE or TOM) to reason about policy properties. Our work addresses similar issues, but is based on a notion of category-based access control for distributed environments, which we interpret using labelled graphs, and which can be instantiated to include concepts like time, events, and histories that are not included as elements of RT or RBAC.…”

Section: Related Workmentioning

confidence: 99%

A graph-based framework for the analysis of access control policies

Alves¹,

Fernández²

2017

Theoretical Computer Science

View full text Add to dashboard Cite

We design a graph-based framework for the analysis of access control policies that aims at easing the specification and verification tasks for security administrators. We consider policies in the category-based access control model, which has been shown to subsume many of the most well known access control models (e.g., MAC, DAC, RBAC). Using a graphical representation of category-based policies, we show how answers to usual administrator queries can be automatically computed, and properties of access control policies checked. We show applications in the context of emergency situations, where our framework can be used to analyse the interaction between access control and emergency management.

show abstract

Section: Related Workmentioning

confidence: 99%

A graph-based framework for the analysis of access control policies

Alves¹,

Fernández²

2017

Theoretical Computer Science

View full text Add to dashboard Cite

show abstract

“…Bourdier et al point out the existence of several competing techniques for expressiveness analysis, none of which consider the deployment. They approach one facet of this problem by proposing a formalism for access control systems that can more easily be transformed into implementations using rewrite-based tools [21]. Several others simply express a desire to use expressiveness analysis, but never do so, presumably due to the complexities of selecting and using the right notion of simulation [22], [23].…”

Section: Usage and Implicationsmentioning

confidence: 99%

Decomposing, Comparing, and Synthesizing Access Control Expressiveness Simulations

Garrison

Lee

2015

2015 IEEE 28th Computer Security Foundations Symposium

View full text Add to dashboard Cite

Access control is fundamental to computer security, and has thus been the subject of extensive formal study. In particular, relative expressiveness analysis techniques have used formal mappings called simulations to explore whether one access control system is capable of emulating another, thereby comparing the expressive power of these systems. Unfortunately, the notions of expressiveness simulation that have been explored vary widely, which makes it difficult to compare results in the literature, and even leads to apparent contradictions between results. Furthermore, some notions of expressiveness simulation make use of non-determinism, and thus cannot be used to define mappings between access control systems that are useful in practical scenarios. In this work, we define the minimum set of properties for an implementable access control simulation; i.e., a deterministic "recipe" for using one system in place of another. We then define a wide range of properties spread across several dimensions that can be enforced on top of this minimum definition. These properties define a taxonomy that can be used to separate and compare existing notions of access control simulation, many of which were previously incomparable. We position existing notions of simulation within our properties lattice by formally proving each simulation's equivalence to a corresponding set of properties. Lastly, we take steps towards bridging the gap between theory and practice by exploring the systems implications of points within our properties lattice. This shows that relative expressive analysis is more than just a theoretical tool, and can also guide the choice of the most suitable access control system for a specific application or scenario. arXiv:1504.07948v2 [cs.CR] 1 May 2015 CDM s S).Theorem 30 CDMs= {SCa, QPa, CDi, CS1, R→}; that is, the CDM strong simulation decomposes to authorization correspondence, authorization preservation, independent command mapping, lock-step, and forward reachability. Proof: By Lemma 28, if T sim CDM s S, then S ≤ P T . By Lemma 29, if S ≤ P T , then T sim CDM s S. Thus, S ≤ P T if and only if T sim CDM s S, and thus the CDM strong simulation decomposes to {SCa, QPa, CDi, CS1, R→}.

show abstract

“…In this framework, one can characterize the various entities involved in the definition of a security policy together with their roles, thus providing a semantic specification of security policies. Several developments on access control poli-cies and flow policies have been done within this framework: an operational mechanism that detects illegal information flows according to the flow policy induced by an access control policy is defined in [20], and the rule-based approach is considered in [7] by using rewrite systems. In this paper, we focus on the property-based approach, which provides for a clear distinction between a policy and its enforcement mechanism.…”

Section: Security Policies and Secured Systemsmentioning

confidence: 99%