Automated verification of access control policies using a SAT solver

被引:66
|
作者
Graham Hughes
Tevfik Bultan
机构
[1] University of California,Computer Science Department
来源
International Journal on Software Tools for Technology Transfer | 2008年 / 10卷 / 6期
关键词
Access control; Automated verification;
D O I
10.1007/s10009-008-0087-9
中图分类号
学科分类号
摘要
Managing access control policies in modern computer systems can be challenging and error-prone. Combining multiple disparate access policies can introduce unintended consequences. In this paper, we present a formal model for specifying access to resources, a model that encompasses the semantics of the xacml access control language. From this model we define several ordering relations on access control policies that can be used to automatically verify properties of the policies. We present a tool for automatically verifying these properties by translating these ordering relations to Boolean satisfiability problems and then applying a sat solver. Our experimental results demonstrate that automated verification of xacml policies is feasible using this approach.
引用
收藏
页码:503 / 520
页数:17
相关论文
共 50 条
  • [31] A SAT solver using software and reconfigurable hardware
    Skliarova, L
    Ferrari, AB
    DESIGN, AUTOMATION AND TEST IN EUROPE CONFERENCE AND EXHIBITION, 2002 PROCEEDINGS, 2002, : 1094 - 1094
  • [32] Dependent Type Theory for Verification of Information Flow and Access Control Policies
    Nanevski, Aleksandar
    Banerjee, Anindya
    Garg, Deepak
    ACM TRANSACTIONS ON PROGRAMMING LANGUAGES AND SYSTEMS, 2013, 35 (02):
  • [33] Verification and change-impact analysis of access-control policies
    Fisler, K
    Krishnamurthi, S
    Meyerovich, LA
    Tschantz, MC
    ICSE 05: 27TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, PROCEEDINGS, 2005, : 196 - 205
  • [34] Toward Formal Verification of Role-Based Access Control Policies
    Jha, Somesh
    Li, Ninghui
    Tripunitara, Mahesh
    Wang, Qihua
    Winsborough, William H.
    IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2008, 5 (04) : 242 - 255
  • [35] A Knowledge-Based Verification Method for Dynamic Access Control Policies
    Koleini, Masoud
    Ryan, Mark
    FORMAL METHODS AND SOFTWARE ENGINEERING, 2011, 6991 : 243 - 258
  • [36] An Architecture for Verification of Access Control Policies with Multi Agent System Ontologies
    Tekbacak, Fatih
    Tuglular, Tugkan
    Dikenelli, Oguz
    2009 IEEE 33RD INTERNATIONAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE, VOLS 1 AND 2, 2009, : 725 - +
  • [37] Automated Verification Using Unified Control Flows
    Gherghina, Cristian
    David, Cristina
    THIRD INTERNATIONAL SYMPOSIUM ON THEORETICAL ASPECTS OF SOFTWARE ENGINEERING, PROCEEDINGS, 2009, : 323 - 324
  • [38] Towards Automated Learning of Access Control Policies Enforced by Web Applications
    Iyer, Padmavathi
    Masoumzadeh, Amir
    PROCEEDINGS OF THE 28TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES, SACMAT 2023, 2023, : 163 - 168
  • [39] Using SAT for verification in the presence of unknowns
    Li, GH
    Shao, M
    Li, XW
    2003 5TH INTERNATIONAL CONFERENCE ON ASIC, VOLS 1 AND 2, PROCEEDINGS, 2003, : 319 - 322
  • [40] A SAT solver using reconfigurable hardware and virtual logic
    Abramovici, M
    De Sousa, JT
    JOURNAL OF AUTOMATED REASONING, 2000, 24 (1-2) : 5 - 36
12345