Abstract
One of the most widespread framework for the management of access-control policies is Administrative Role Based Access Control (ARBAC). Several automated analysis techniques have been proposed to help maintaining desirable security properties of ARBAC policies. One limitation of many available techniques is that the sets of users and roles are bounded. In this paper, we propose a symbolic framework to overcome this difficulty. We design an automated security analysis technique, parametric in the number of users and roles, by adapting recent methods for model checking infinite state systems that use first-order logic and state-of-the-art theorem proving techniques. Preliminary experiments with a prototype implementations seem to confirm the scalability of our technique.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Abdulla, P.A., Delzanno, G., Rezine, A.: Parameterized verification of infinite state processes with global conditions. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 145–157. Springer, Heidelberg (2007)
Abdulla, P.A., Jonsson, B.: Model checking of systems with many identical timed processes. Theoretical Computer Science, 241–264 (2003)
Alberti, F., Armando, A., Ranise, S.: Efficient Symbolic Automated Analysis of Administrative Role Based Access Control Policies. In: Proc. of 6th ACM Symp. on Info. Computer and Comm. Security, ASIACCS 2011 (2011)
Armando, A., Ranise, S.: Automated Symbolic Analysis of ARBAC-Policies, (Extended version) (2010), http://st.fbk.eu
Clark, K.: Negation as failure. In: Logic and Databases, pp. 293–322. Plenum Press, New York (1978)
Crampton, J.: Understanding and developing role-based administrative models. In: Proc. 12th ACM Conf. on Comp. and Comm. Security (CCS), pp. 158–167. ACM Press, New York (2005)
Enderton, H.B.: A Mathematical Introduction to Logic. Academic Press, Inc., London (1972)
Ghilardi, S., Nicolini, E., Ranise, S., Zucchelli, D.: Towards SMT model checking of array-based systems. In: Armando, A., Baumgartner, P., Dowek, G. (eds.) IJCAR 2008. LNCS (LNAI), vol. 5195, pp. 67–82. Springer, Heidelberg (2008)
Li, N., Mao, Z.: Administration in Role Based Access Control. In: Proc. ACM Symp. on Information, Computer, and Communication Security, ASIACCS (2007)
Li, N., Tripunitara, M.V.: Security analysis in role-based access control. ACM Transactions on Information and System Security (TISSEC) 9(4), 391–420 (2006)
Piskac, R., de Moura, L., Bjoerner, N.: Deciding Effectively Propositional Logic Using DPLL and Substitution Sets. J. of Autom. Reas. 44(4), 401–424 (2010)
Sandhu, R., Bhamidipati, V., Munawer, Q.: The ARBAC97 model for role-based control administration of roles. ACM Transactions on Information and System Security (TISSEC) 1(2), 105–135 (1999)
Sandhu, R., Coyne, E., Feinstein, H., Youmann, C.: Role-Based Access Control Models. IEEE Computer 2(29), 38–47 (1996)
Sasturkar, A., Yang, P., Stoller, S.D., Ramakrishnan, C.R.: Policy analysis for administrative role based access control. In: Proc. of the 19th Computer Security Foundations (CSF) Workshop, IEEE Computer Society Press, Los Alamitos (July 2006)
Stoller, S.D., Yang, P., Gofman, M.I., Ramakrishnan, C.R.: Symbolic Reachability Analysis for Parameterized Administrative Role Based Access Control. In: Proc. of. SACMAT 2009, pp. 445–454 (2007)
Stoller, S.D., Yang, P., Ramakrishnan, C.R., Gofman, M.I.: Efficient policy analysis for administrative role based access control. In: Proc. of the 14th Conf. on Computer and Communications Security (CCS). ACM Press, New York (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Armando, A., Ranise, S. (2011). Automated Symbolic Analysis of ARBAC-Policies. In: Cuellar, J., Lopez, J., Barthe, G., Pretschner, A. (eds) Security and Trust Management. STM 2010. Lecture Notes in Computer Science, vol 6710. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22444-7_2
Download citation
DOI: https://doi.org/10.1007/978-3-642-22444-7_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22443-0
Online ISBN: 978-3-642-22444-7
eBook Packages: Computer ScienceComputer Science (R0)