Automated verification of access control policies using a SAT solver

被引:66
|
作者
Graham Hughes
Tevfik Bultan
机构
[1] University of California,Computer Science Department
来源
International Journal on Software Tools for Technology Transfer | 2008年 / 10卷 / 6期
关键词
Access control; Automated verification;
D O I
10.1007/s10009-008-0087-9
中图分类号
学科分类号
摘要
Managing access control policies in modern computer systems can be challenging and error-prone. Combining multiple disparate access policies can introduce unintended consequences. In this paper, we present a formal model for specifying access to resources, a model that encompasses the semantics of the xacml access control language. From this model we define several ordering relations on access control policies that can be used to automatically verify properties of the policies. We present a tool for automatically verifying these properties by translating these ordering relations to Boolean satisfiability problems and then applying a sat solver. Our experimental results demonstrate that automated verification of xacml policies is feasible using this approach.
引用
收藏
页码:503 / 520
页数:17
相关论文
共 50 条
  • [1] Automated Verification of Completeness and Consistency of Abstract State Machine Specifications using a SAT Solver
    Ouimet, Martin
    Lundqvist, Kristina
    ELECTRONIC NOTES IN THEORETICAL COMPUTER SCIENCE, 2007, 190 (02) : 85 - 97
  • [2] Automated Generation, Verification, and Ranking of Secure SoC Access Control Policies
    Meza, Andres
    Kastner, Ryan
    2023 CYBER-PHYSICAL SYSTEMS AND INTERNET-OF-THINGS WEEK, CPS-IOT WEEK WORKSHOPS, 2023, : 198 - 202
  • [3] Algorithmic Verification of Intransitive Noninterference for 3-domain Security Policies with a SAT Solver
    Liu Zhifeng
    Zhou Conghua
    Ge Yun
    Zhang Dong
    APPLIED MATHEMATICS & INFORMATION SCIENCES, 2013, 7 (05): : 1825 - 1835
  • [4] Verification and enforcement of access control policies
    Antonio Cau
    Helge Janicke
    Ben Moszkowski
    Formal Methods in System Design, 2013, 43 : 450 - 492
  • [5] Verification and enforcement of access control policies
    Cau, Antonio
    Janicke, Helge
    Moszkowski, Ben
    FORMAL METHODS IN SYSTEM DESIGN, 2013, 43 (03) : 450 - 492
  • [6] Coverage-Driven Design Verification Using a Diverse SAT Solver
    Kakiuchi, Yosuke
    Hamaguchi, Kiyoharu
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, 2017, E100A (07) : 1481 - 1487
  • [7] Automated decomposition of access control policies
    Su, LY
    Chadwick, DW
    Basden, A
    Cunningham, JA
    SIXTH IEEE INTERNATIONAL WORKSHOP ON POLICIES FOR DISTRIBUTED SYSTEMS AND NETWORKS, PROCEEDINGS, 2005, : 3 - 13
  • [8] Dynamic Access Control Policies: Specification and Verification
    Janicke, H.
    Cau, A.
    Siewe, F.
    Zedan, H.
    COMPUTER JOURNAL, 2013, 56 (04): : 440 - 463
  • [9] Verilog transformation for an RTL SAT solver in formal verification
    Yang, Xiaoqing
    Bian, Jinian
    Deng, Shujun
    Zhao, Yanni
    2007 INTERNATIONAL CONFERENCE ON COMMUNICATIONS, CIRCUITS AND SYSTEMS PROCEEDINGS, VOLS 1 AND 2: VOL 1: COMMUNICATION THEORY AND SYSTEMS; VOL 2: SIGNAL PROCESSING, COMPUTATIONAL INTELLIGENCE, CIRCUITS AND SYSTEMS, 2007, : 1339 - +
  • [10] SAT-Lancer: A Hardware SAT-Solver for Self-Verification
    Ustaoglu, Buse
    Huhn, Sebastian
    Grosse, Daniel
    Drechsler, Rolf
    PROCEEDINGS OF THE 2018 GREAT LAKES SYMPOSIUM ON VLSI (GLSVLSI'18), 2018, : 479 - 482
12345