Role-Based access control consistency validation

Centonze, Paolina; Naumovich, Gleb; Fink, Stephen J.; Pistoia, Marco

doi:10.1145/1146238.1146253

Cited by 25 publications

(19 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…ESPE's security analysis engine relies on a Java EE bytecode analysis system called T. J. Watson Libraries for Analysis (WALA), developed at IBM Research [29] and formerly known as DOMO [3]. WALA provides a range of call graph construction algorithms, ranging from class hierarchy analysis [6] to control-flow analysis with a variety of context-sensitivity policies [10].…”

Section: Call Graph Constructionmentioning

confidence: 99%

When Role Models Have Flaws: Static Validation of Enterprise Security Policies

Pistoia

Fink

Flynn

et al. 2007

29th International Conference on Software Engineering (ICSE'07)

Self Cite

View full text Add to dashboard Cite

Modern multiuser software systems have adopted RoleBased Access Control (RBAC) for authorization management. This paper presents a formal model for RBAC policy validation and a static-analysis model for RBAC systems that can be used to (i) identify the roles required by users to execute an enterprise application, (ii) detect potential inconsistencies caused by principal-delegation policies, which are used to override a user's role assignment, (iii) report if the roles assigned to a user by a given policy are redundant or insufficient, and (iv) report vulnerabilities that can result from unchecked intra-component accesses. The algorithms described in this paper have been implemented as part of IBM's Enterprise Security Policy Evaluator (ESPE) tool. Experimental results show that the tool found numerous policy flaws, including ten previously unknown flaws from two production-level applications, with no false-positive reports.

show abstract

Section: Call Graph Constructionmentioning

confidence: 99%

When Role Models Have Flaws: Static Validation of Enterprise Security Policies

Pistoia

Fink

Flynn

et al. 2007

29th International Conference on Software Engineering (ICSE'07)

Self Cite

View full text Add to dashboard Cite

show abstract

“…1a defines permissions [6] for the Emergency Room Collaboration (ERC) has CS Triage (others not shown). Triage negates permission getBillingHistory and getAppointmentHistory.…”

Section: Uml Role and Team Slice Diagrammentioning

confidence: 99%

Leveraging UML for Security Engineering and Enforcement in a Collaboration on Duty and Adaptive Workflow Model That Extends NIST RBAC

Berhe

Demurjian

Gokhale

et al. 2011

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. To facilitate collaboration in the patient-centered medical home (PCMH), our prior work extended the NIST role-based access control (RBAC) model to yield a formal collaboration on duty and adaptive workflow (COD/AWF) model. The next logical step is to place this work into the context of an integrated software process for security engineering from design through enforcement. Towards this goal, we promote a secure software engineering process that leverages an extended unified modeling language (UML) to visualize COD/AWF policies to achieve a solution that separates concerns while still providing the means to securely engineer dynamic collaborations for applications such as the PCMH. Once defined, these collaboration UML diagrams can be utilized to generate the corresponding aspect oriented policy code upon which the enforcement mechanism can be applied to at runtime.

show abstract

“…Given a field f of a class, Checker A in Figure 2 scans all the code that can access the field in the public methods within the class and then determines whether a write operation is executed on the given field f. A conservative algorithm for implementing Checker A is proposed in [6]. Checker B relies on escape information and class type to determine mutability for a field.…”

Section: Checker B [Escape-modificationmentioning

confidence: 99%

Improving Data Integrity with a Java Mutability Analysis

Shi¹,

Naumovich²

2007

14th Asia-Pacific Software Engineering Conference (APSEC'07)

Self Cite

View full text Add to dashboard Cite

This paper presents a static mutability analysis approach relying on escape information for Java components and uses the techniques to detect the security threats to data integrity before software components are deployed. In order to increase the precision of our analysis, we make a couple of significant modifications to mutability definitions based on previous work in the context of components.We extended our security analysis tool SecDetector with proposed mutability analysis, and used it to find potential threats to data integrity in Java components and lead developers to fix the security flaws. On the benchmarks in our experimental evaluation, we show that our tool can correctly find potential modification access violations with few false positives and provide evidence of the effectiveness of our techniques. While the analysis techniques are in the context of Java code, the basic concepts are applicable to other object-oriented programming languages as well.

show abstract

Role-Based access control consistency validation

Cited by 25 publications

References 28 publications

When Role Models Have Flaws: Static Validation of Enterprise Security Policies

When Role Models Have Flaws: Static Validation of Enterprise Security Policies

Leveraging UML for Security Engineering and Enforcement in a Collaboration on Duty and Adaptive Workflow Model That Extends NIST RBAC

Improving Data Integrity with a Java Mutability Analysis

Contact Info

Product

Resources

About