Skip to main content
SpringerLink
Log in

A Formal Model and Correctness Proof for an Access Control Policy Framework

  • Conference paper
Certified Programs and Proofs (CPP 2013)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 8307))

Included in the following conference series:

Abstract

If an access control policy promises that a resource is protected in a system, how do we know it is really protected? To give an answer we formalise in this paper the Role-Compatibility Model—a framework, introduced by Ott, in which access control policies can be expressed. We also give a dynamic model determining which security related events can happen while a system is running. We prove that if a policy in this framework ensures a resource is protected, then there is really no sequence of events that would compromise the security of this resource. We also prove the opposite: if a policy does not prevent a security compromise of a resource, then there is a sequence of events that will compromise it. Consequently, a static policy check is sufficient (sound and complete) in order to guarantee or expose the security of resources before running the system. Our formal model and correctness proof are mechanised in the Isabelle/HOL theorem prover using Paulson’s inductive method for reasoning about valid sequences of events. Our results apply to the Role-Compatibility Model, but can be readily adapted to other role-based access control models.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Archer, M., Leonard, E.I., Pradella, M.: Analyzing Security-Enhanced Linux Policy Specifications. In: Proc. of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY), pp. 158–169 (2003)

    Google Scholar 

  2. Bugliesi, M., Calzavara, S., Focardi, R., Squarcina, M.: Gran: Model Checking Grsecurity RBAC Policies. In: Proc. of the 25th IEEE Computer Security Foundations Symposium (CSF), pp. 126–138 (2012)

    Google Scholar 

  3. Guttman, J.D., Herzog, A.L., Ramsdell, J.D., Skorupka, C.W.: Verifying Information Flow Goals in Security-Enhanced Linux. Journal of Computer Security 13(1), 115–134 (2005)

    Google Scholar 

  4. Jha, S., Li, N., Tripunitara, M.V., Wang, Q., Winsborough, W.H.: Towards Formal Verification of Role-Based Access Control Policies. IEEE Transactions Dependable and Secure Computing 5(4), 242–255 (2008)

    Article  Google Scholar 

  5. Ott, A.: The Role Compatibility Security Model. In: Proc. of the 7th Nordic Workshop on Secure IT Systems, NordSec (2002)

    Google Scholar 

  6. Ott, A.: Mandatory Rule Set Based Access Control in Linux: A Multi-Policy Security Framework and Role Model Solution for Access Control in Networked Linux Systems. PhD thesis, University of Hamburg (2007)

    Google Scholar 

  7. Ott, A., Fischer-Hübner, S.: A Role-Compatibility Model for Secure System Administration, http://www.rsbac.org/doc/media/rc-paper.php

  8. Paulson, L.C.: The Inductive Approach to Verifying Cryptographic Protocols. Journal of Computer Security 6(1-2), 85–128 (1998)

    Google Scholar 

  9. Sarna-Starosta, B., Stoller, S.D.: Policy Analysis for Security-Enhanced Linux. In: Proc. of the 2004 Workshop on Issues in the Theory of Security (WITS), pp. 1–12 (2004)

    Google Scholar 

  10. Uzun, E., Atluri, V., Sural, S., Vaidya, J., Parlato, G., Ferrara, A.L., Madhusudan, P.: Analyzing Temporal Role Based Access Control Models. In: Proc. of the 17th ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 177–186 (2012)

    Google Scholar 

  11. Zhang, X., Urban, C., Wu, C.: Priority Inheritance Protocol Proved Correct. In: Beringer, L., Felty, A. (eds.) ITP 2012. LNCS, vol. 7406, pp. 217–232. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. PLA University of Science and Technology, China

    Chunhan Wu & Xingyuan Zhang

  2. King’s College London, UK

    Chunhan Wu & Christian Urban

Authors
  1. Chunhan Wu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xingyuan Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Christian Urban
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Microsoft Research Cambridge, 21 Station Road, CB1 2FB, Cambridge, UK

    Georges Gonthier

  2. Canberra Research Lab., NICTA, PO Box 8001, 2601, Canberra, ACT, Australia

    Michael Norrish

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer International Publishing Switzerland

About this paper

Cite this paper

Wu, C., Zhang, X., Urban, C. (2013). A Formal Model and Correctness Proof for an Access Control Policy Framework. In: Gonthier, G., Norrish, M. (eds) Certified Programs and Proofs. CPP 2013. Lecture Notes in Computer Science, vol 8307. Springer, Cham. https://doi.org/10.1007/978-3-319-03545-1_19

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-03545-1_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-03544-4

  • Online ISBN: 978-3-319-03545-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation