Skip to main content
SpringerLink
Log in

Automated Symbolic Analysis of ARBAC-Policies

  • Conference paper
Security and Trust Management (STM 2010)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6710))

Included in the following conference series:

Abstract

One of the most widespread framework for the management of access-control policies is Administrative Role Based Access Control (ARBAC). Several automated analysis techniques have been proposed to help maintaining desirable security properties of ARBAC policies. One limitation of many available techniques is that the sets of users and roles are bounded. In this paper, we propose a symbolic framework to overcome this difficulty. We design an automated security analysis technique, parametric in the number of users and roles, by adapting recent methods for model checking infinite state systems that use first-order logic and state-of-the-art theorem proving techniques. Preliminary experiments with a prototype implementations seem to confirm the scalability of our technique.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 54.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 69.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. http://research.microsoft.com/en-us/um/redmond/projects/z3

  2. http://www.cs.stonybrook.edu/~stoller/ccs2007

  3. http://www.spass-prover.org

  4. Abdulla, P.A., Delzanno, G., Rezine, A.: Parameterized verification of infinite state processes with global conditions. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 145–157. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  5. Abdulla, P.A., Jonsson, B.: Model checking of systems with many identical timed processes. Theoretical Computer Science, 241–264 (2003)

    Google Scholar 

  6. Alberti, F., Armando, A., Ranise, S.: Efficient Symbolic Automated Analysis of Administrative Role Based Access Control Policies. In: Proc. of 6th ACM Symp. on Info. Computer and Comm. Security, ASIACCS 2011 (2011)

    Google Scholar 

  7. Armando, A., Ranise, S.: Automated Symbolic Analysis of ARBAC-Policies, (Extended version) (2010), http://st.fbk.eu

  8. Clark, K.: Negation as failure. In: Logic and Databases, pp. 293–322. Plenum Press, New York (1978)

    Google Scholar 

  9. Crampton, J.: Understanding and developing role-based administrative models. In: Proc. 12th ACM Conf. on Comp. and Comm. Security (CCS), pp. 158–167. ACM Press, New York (2005)

    Google Scholar 

  10. Enderton, H.B.: A Mathematical Introduction to Logic. Academic Press, Inc., London (1972)

    MATH  Google Scholar 

  11. Ghilardi, S., Nicolini, E., Ranise, S., Zucchelli, D.: Towards SMT model checking of array-based systems. In: Armando, A., Baumgartner, P., Dowek, G. (eds.) IJCAR 2008. LNCS (LNAI), vol. 5195, pp. 67–82. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  12. Li, N., Mao, Z.: Administration in Role Based Access Control. In: Proc. ACM Symp. on Information, Computer, and Communication Security, ASIACCS (2007)

    Google Scholar 

  13. Li, N., Tripunitara, M.V.: Security analysis in role-based access control. ACM Transactions on Information and System Security (TISSEC) 9(4), 391–420 (2006)

    Article  Google Scholar 

  14. Piskac, R., de Moura, L., Bjoerner, N.: Deciding Effectively Propositional Logic Using DPLL and Substitution Sets. J. of Autom. Reas. 44(4), 401–424 (2010)

    Article  MathSciNet  MATH  Google Scholar 

  15. Sandhu, R., Bhamidipati, V., Munawer, Q.: The ARBAC97 model for role-based control administration of roles. ACM Transactions on Information and System Security (TISSEC) 1(2), 105–135 (1999)

    Article  Google Scholar 

  16. Sandhu, R., Coyne, E., Feinstein, H., Youmann, C.: Role-Based Access Control Models. IEEE Computer 2(29), 38–47 (1996)

    Article  Google Scholar 

  17. Sasturkar, A., Yang, P., Stoller, S.D., Ramakrishnan, C.R.: Policy analysis for administrative role based access control. In: Proc. of the 19th Computer Security Foundations (CSF) Workshop, IEEE Computer Society Press, Los Alamitos (July 2006)

    Google Scholar 

  18. Stoller, S.D., Yang, P., Gofman, M.I., Ramakrishnan, C.R.: Symbolic Reachability Analysis for Parameterized Administrative Role Based Access Control. In: Proc. of. SACMAT 2009, pp. 445–454 (2007)

    Google Scholar 

  19. Stoller, S.D., Yang, P., Ramakrishnan, C.R., Gofman, M.I.: Efficient policy analysis for administrative role based access control. In: Proc. of the 14th Conf. on Computer and Communications Security (CCS). ACM Press, New York (2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. DIST, Università degli Studi di Genova, Italia

    Alessandro Armando

  2. Security and Trust Unit, FBK, Trento, Italia

    Alessandro Armando & Silvio Ranise

Authors
  1. Alessandro Armando
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Silvio Ranise
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Siemens AG - Corporate Technology, Otto-Hahn-Ring 6, 81730, München, Germany

    Jorge Cuellar

  2. Computer Science Department, E.T.S. Ingenieria Informatica, University of Malaga, Campus de Teatinos, 29170, Malaga, Spain

    Javier Lopez

  3. Facultad de Informatica (UPM), Fundación IMDEA Software, Campus Montegancedo, 28660 Boadilla del Monte, Madrid, Spain

    Gilles Barthe

  4. Certifiable Trustworthy IT Systems, Karlsruhe Institute of Technology (KIT), Am Fasanengarten 5, 76131, Karlsruhe, Germany

    Alexander Pretschner

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Armando, A., Ranise, S. (2011). Automated Symbolic Analysis of ARBAC-Policies. In: Cuellar, J., Lopez, J., Barthe, G., Pretschner, A. (eds) Security and Trust Management. STM 2010. Lecture Notes in Computer Science, vol 6710. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22444-7_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-22444-7_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22443-0

  • Online ISBN: 978-3-642-22444-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation