skip to main content
10.1145/2613087.2613102acmconferencesArticle/Chapter ViewAbstractPublication PagessacmatConference Proceedingsconference-collections
research-article

Scalable and precise automated analysis of administrative temporal role-based access control

Published: 25 June 2014 Publication History

Abstract

Extensions of Role-Based Access Control (RBAC) policies taking into account contextual information (such as time and space) are increasingly being adopted in real-world applications. Their administration is complex since they must satisfy rapidly evolving needs. For this reason, automated techniques to identify unsafe sequences of administrative actions (i.e. actions generating policies by which a user can acquire permissions that may compromise some security goals) are fundamental tools in the administrator's tool-kit. In this paper, we propose a precise and scalable automated analysis technique for the safety of administrative temporal RBAC policies. Our approach is to translate safety problems for this kind of policy to (decidable) reachability problems of a certain class of symbolic transition systems. The correctness of the translation allows us to design a precise analysis technique for the safety of administrative RBAC policies with a finite but unknown number of users. For scalability, we present a heuristics that allows us to reduce the set of administrative actions without losing the precision of the analysis. An extensive experimental analysis confirms the scalability and precision of the approach also in comparison with a recent analysis technique developed for the same class of temporal RBAC policies.

References

[1]
F. Alberti, A. Armando, and S. Ranise. Efficient Symbolic Automated Analysis of Administrative Role Based Access Control Policies. In ASIACCS. ACM Pr., 2011.
[2]
R. Alur and D. Dill. A theory of timed automata. Theoretical Computer Science, 126:183--285, 1994.
[3]
A. Armando and S. Ranise. Automated Symbolic Analysis of ARBAC Policies. In 6th STM Workshop, volume 6710 of LNCS, pages 17--33. Springer, 2010.
[4]
A. Armando and S. Ranise. Automated and efficient analysis of role-based access control with attributes. In DBSec'12: Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy, pages 25--40. Springer-Verlag, 2012.
[5]
A. Armando and S. Ranise. Scalable Automated Symbolic Analysis of Administrative Role-Based Access Control Policies by SMT Solving. J. of Computer Security, 20(4):309--352, 2012.
[6]
B. Beckert, C. A. R. Hoare, R. Hahnle, R. Smith, D. R. Green, S. Ranise, C. Tinelli, T. Ball, and S. K. Rajamani. Intelligent systems and formal methods in software engineering. IEEE Int. Sys., 21(6):71--81, 2006.
[7]
E. Bertino, P. Bonatti, and E. Ferrari. TRBAC: A Temporal Role Based Access Control Model. ACM TISSEC, 4(3):191--233, 2001.
[8]
H. B. Enderton. A Mathematical Introduction to Logic. Academic Press, Inc., 1972.
[9]
A. L. Ferrara, P. Madhusudan, and G. Parlato. Policy Analysis for Self-Administrated Role-based Access Control. In TACAS. Springer, 2013.
[10]
S. Ghilardi and S. Ranise. MCMT: a Model Checker Modulo Theories. In Proc. of IJCAR'10, LNCS, 2010.
[11]
M. I. Gofman, R. Luo, A. C. Solomon, Y. Zhang, P. Yang, and S. D. Stoller. Rbac-pat: A policy analysis tool for role based access control. In TACAS, volume 5505 of LNCS, pages 46--49. Springer, 2009.
[12]
M. A. Harrison, W. L. Ruzzo, and J. D. Ullman. Protection in Operating Systems. Communications of ACM, 19(8):461--471, 1976.
[13]
K. Jayaraman, V. Ganesh, M. Tripunitara, M. Rinard, and S. Chapin. Automatic Error Finding for Access-Control Policies. In CCS. ACM, 2011.
[14]
J. B. D. Joshi, E. Bertino, U. Latif, and A. Ghafoor. A Generalized Temporal Role-Based Access Control Model. In IEEE Trans. on Knowledge and Data Engineering, 7(1):4--23, 2005.
[15]
N. Li and M. V. Tripunitara. Security analysis in role-based access control. ACM TISSEC, 9(4):391--420, 2006.
[16]
S. Mondal, S. Sural, and V. Atluri. Security analysis of GTRBAC and its variants using model checking. volume 30, pages 128--147, 2011.
[17]
R. Piskac, L. de Moura, and N. Bjørner. Deciding Effectively Propositional Logic Using DPLL and Substitution Sets. J. of Automated Reasoning, 44(4):401--424, 2010.
[18]
F. P. Ramsey. On a Problem of Formal Logic. Proceedings of the London Mathematical Society, s2-30(1):264--286, 1930.
[19]
S. Ranise. Symbolic Backward Reachability with Effectively Propositional Logic|Applications to Security Policy Analysis. FMSD, 42(1):24--45, 2013.
[20]
S. Ranise, T. A. Truong, and A. Armando. Boosting Model Checking to Analyse Large ARBAC Policies. In 8th STM Workshop, volume 7783 of LNCS, pages 273--288. Springer, 2012.
[21]
R. Sandhu, V. Bhamidipati, and Q. Munawer. The ARBAC97 model for role-based control administration of roles. ACM TISSEC, 1(2):105--135, 1999.
[22]
R. Sandhu, E. Coyne, H. Feinstein, and C. Youmann. Role-Based Access Control Models. IEEE Computer, 2(29):38--47, 1996.
[23]
A. Sasturkar, P. Yang, S. D. Stoller, and C.R. Ramakrishnan. Policy analysis for administrative role based access control. In CSF. IEEE Press, July 2006.
[24]
S. D. Stoller, P. Yang, C.R. Ramakrishnan, and M. I. Gofman. Efficient policy analysis for administrative role based access control. In CCS. ACM Press, 2007.
[25]
E. Uzun. Personal communication. By email, October 29, 2013.
[26]
E. Uzun, V. Atluri, S. Sural, J. Vaidya, G. Parlato, and A. L. Ferrara. Analyzing Temporal Role Based Access Control Models. In SACMAT, pages 177--186. ACM, 2012.
[27]
E. Uzun, V. Atluri, J. Vaidya, and S. Sural. Analysis of TRBAC with Dynamic Temporal Role Hierarchies. In DBSeC XXVII, volume 7964 of LNCS, pages 297--304. 2013.

Cited By

View all
  • (2022)A Survey on Empirical Security Analysis of Access-control Systems: A Real-world PerspectiveACM Computing Surveys10.1145/353370355:6(1-28)Online publication date: 7-Dec-2022
  • (2020)A Secure and Privacy-Preserving Approach to Protect User Data across Cloud based Online Social NetworksInternational Journal of Grid and High Performance Computing10.4018/IJGHPC.202004010112:2(1-24)Online publication date: Apr-2020
  • (2020)A Secure and Privacy-Preserving Approach to Protect User Data across Cloud based Online Social NetworksResearch Anthology on Artificial Intelligence Applications in Security10.4018/978-1-7998-7705-9.ch027(560-585)Online publication date: 27-Nov-2020
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
SACMAT '14: Proceedings of the 19th ACM symposium on Access control models and technologies
June 2014
234 pages
ISBN:9781450329392
DOI:10.1145/2613087
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 June 2014

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. administrative access control
  2. automated safety analysis
  3. temporal role-based access control

Qualifiers

  • Research-article

Conference

SACMAT '14
Sponsor:

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)5
  • Downloads (Last 6 weeks)0
Reflects downloads up to 20 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2022)A Survey on Empirical Security Analysis of Access-control Systems: A Real-world PerspectiveACM Computing Surveys10.1145/353370355:6(1-28)Online publication date: 7-Dec-2022
  • (2020)A Secure and Privacy-Preserving Approach to Protect User Data across Cloud based Online Social NetworksInternational Journal of Grid and High Performance Computing10.4018/IJGHPC.202004010112:2(1-24)Online publication date: Apr-2020
  • (2020)A Secure and Privacy-Preserving Approach to Protect User Data across Cloud based Online Social NetworksResearch Anthology on Artificial Intelligence Applications in Security10.4018/978-1-7998-7705-9.ch027(560-585)Online publication date: 27-Nov-2020
  • (2020)Forensic Analysis in Access ControlProceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security10.1145/3372297.3417860(1533-1550)Online publication date: 30-Oct-2020
  • (2020)Automated Analysis of Access Control Policies Based on Model CheckingSN Computer Science10.1007/s42979-020-00307-81:6Online publication date: 10-Oct-2020
  • (2019)Cree: a Performant Tool for Safety Analysis of Administrative Temporal Role-Based Access Control (ATRBAC) PoliciesIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2019.2949410(1-1)Online publication date: 2019
  • (2019)Using Hierarchical Timed Coloured Petri Nets in the formal study of TRBAC security policiesInternational Journal of Information Security10.1007/s10207-019-00448-9Online publication date: 27-Jun-2019
  • (2019)A secure cloud-based solution for real-time monitoring and management of Internet of underwater things (IOUT)Neural Computing and Applications10.1007/s00521-018-3774-931:1(293-308)Online publication date: 1-Jan-2019
  • (2019)Automated Security Analysis of Authorization Policies with Contextual InformationTransactions on Large-Scale Data- and Knowledge-Centered Systems XLI10.1007/978-3-662-58808-6_5(107-139)Online publication date: 7-Feb-2019
  • (2018)Automated and efficient analysis of administrative temporal RBAC policies with role hierarchiesJournal of Computer Security10.3233/JCS-1575626:4(423-458)Online publication date: 10-Jul-2018
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media