Heuristic safety analysis of access control models

Amthor, Peter; Kühnhauser, Winfried E.; Pölck, Anja

doi:10.1145/2462410.2462413

Cited by 4 publications

(8 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Proof: [Lemma 1] For the left-to-right implication, let a H = (ty, C a , ts rule , C, ts r , r) and ty = can_assign. 4 Since (RS , TUA, TRH , t) → a H (RS , TUA , TRH , t) and recalling Definition 17 of → AT RBACH , we have the following:…”

Section: Correctness Of τ H2fmentioning

confidence: 99%

“…To overcome this issue, two alternative approaches are available: either (a) identify a fragment of the access control policies admitting a decision procedure for a restricted version of the safety problem or (b) consider unrestricted policies and design heuristic (albeit incomplete) methods capable of solving practically relevant instances of the general safety problem. For instance, several techniques for alternative (a) have been proposed for administrative models of Role-Based Access Control (RBAC) policies [33] as witnessed by a long stream of papers, e.g., [21,3,38,24,39,6,1,7,18,15,31,28,44]; whereas alternative (b) has been less investigated (see, e.g., [4,5]).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Automated and efficient analysis of administrative temporal RBAC policies with role hierarchies

Ranise

Truong

Viganò

2018

JCS

View full text Add to dashboard Cite

Temporal role-based access control models support the specification and enforcement of several temporal constraints on role enabling, role activation, and temporal role hierarchies among others. In this paper, we define three mappings that preserve the solutions to a class of policy problems: they map security analysis problems in presence of static temporal role hierarchies to problems without them. We show how our mappings can be used to extend the capabilities of a tool for the analysis of administrative temporal role-based access control policies to reason in presence of temporal role hierarchies. We carried out an experimental evaluation with a prototype implementation, which highlighted that one of the proposed mappings behaves better than the other two. To the best of our knowledge, ours is the first tool capable of reasoning with (static) temporal role hierarchies.

show abstract

Section: Correctness Of τ H2fmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Automated and efficient analysis of administrative temporal RBAC policies with role hierarchies

Ranise

Truong

Viganò

2018

JCS

View full text Add to dashboard Cite

show abstract

“…This enables tractability of the original, merely semi-decidable safety property and naturally yields an approximate solution. 1 Our most promising approach to heuristic analysis, DepSearch [3], is therefore generalized in this paper to fit any core-based entity labeling model. The notion of safety used in our approach is based on Tripunitara's and Li's [33] precise and meaningful revisions of the original safety-definition.…”

Section: Related Workmentioning

confidence: 99%

“…In this section, we discuss the basic idea of heuristic safety analysis. We will outline one of the most successful algorithmic approaches to this problem, DepSearch, presented for the HRU access control model in [3,4]. On this basis, we will later introduce a systematic generalization of DepSearch.…”

Section: Model Analysismentioning

confidence: 99%

“…Contributions of this work include 1. a generalization of the DepSearch heuristic for model safety analysis [3], with the goal to be adaptable to every core-based/EL access control model, 2. a partially automatable workflow of tailoring both a formal safety property and an appropriate heuristic to a specific model, 3. a demonstration of this process for SELX, resulting in a specialized safety analysis algorithm for SELinux security policies.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Towards a Uniform Framework for Dynamic Analysis of Access Control Models

Amthor

2017

Preprint

Self Cite

View full text Add to dashboard Cite

Security-critical system requirements are increasingly enforced through mandatory access control systems. These systems are controlled by security policies, highly sensitive system components, which emphasizes the paramount importance of formally verified security properties regarding policy correctness. For the class of safety-properties, addressing potential dynamic right proliferation, a number of known and tested formal analysis methods and tools already exist. Unfortunately, these methods need to be redesigned from scratch for each particular policy from a broad range of different application domains. In this paper, we seek to mitigate this problem by proposing a uniform formal framework, tailorable to a safety analysis algorithm for a specific application domain. We present a practical workflow, guided by model-based knowledge, that is capable of producing a meaningful formal safety definition along with an algorithm to heuristically analyze that safety. Our method is demonstrated based on security policies for the SELinux operating system.

show abstract

Putting the Pieces Together: Model-Based Engineering Workflows for Attribute-Based Access Control Policies

Schlegel

Amthor

2023

Communications in Computer and Information Science

View full text Add to dashboard Cite

Heuristic safety analysis of access control models

Cited by 4 publications

References 27 publications

Automated and efficient analysis of administrative temporal RBAC policies with role hierarchies

Automated and efficient analysis of administrative temporal RBAC policies with role hierarchies

Towards a Uniform Framework for Dynamic Analysis of Access Control Models

Putting the Pieces Together: Model-Based Engineering Workflows for Attribute-Based Access Control Policies

Contact Info

Product

Resources

About