Extensions of Role-Based Access Control (RBAC) policies taking into account contextual information (such as time and space) are increasingly being adopted in real-world applications. Their administration is complex since they must satisfy rapidly evolving needs. For this reason, automated techniques to identify unsafe sequences of administrative actions (i.e. actions generating policies by which a user can acquire permissions that may compromise some security goals) are fundamental tools in the administrator's tool-kit. In this paper, we propose a precise and scalable automated analysis technique for the safety of administrative temporal RBAC policies. Our approach is to translate safety problems for this kind of policy to (decidable) reachability problems of a certain class of symbolic transition systems. The correctness of the translation allows us to design a precise analysis technique for the safety of administrative RBAC policies with a finite but unknown number of users. For scalability, we present a heuristics that allows us to reduce the set of administrative actions without losing the precision of the analysis. An extensive experimental analysis confirms the scalability and precision of the approach also in comparison with a recent analysis technique developed for the same class of temporal RBAC policies.
Scalable and precise automated analysis of administrative temporal role-based access control / Ranise, S.; Truong, A.; Armando, A.. - (2014), pp. 103-114. (Intervento presentato al convegno 19th ACM Symposium on Access Control Models and Technologies, SACMAT 2014 tenutosi a London, ON, can nel 2014) [10.1145/2613087.2613102].
Scalable and precise automated analysis of administrative temporal role-based access control
Ranise S.;
2014-01-01
Abstract
Extensions of Role-Based Access Control (RBAC) policies taking into account contextual information (such as time and space) are increasingly being adopted in real-world applications. Their administration is complex since they must satisfy rapidly evolving needs. For this reason, automated techniques to identify unsafe sequences of administrative actions (i.e. actions generating policies by which a user can acquire permissions that may compromise some security goals) are fundamental tools in the administrator's tool-kit. In this paper, we propose a precise and scalable automated analysis technique for the safety of administrative temporal RBAC policies. Our approach is to translate safety problems for this kind of policy to (decidable) reachability problems of a certain class of symbolic transition systems. The correctness of the translation allows us to design a precise analysis technique for the safety of administrative RBAC policies with a finite but unknown number of users. For scalability, we present a heuristics that allows us to reduce the set of administrative actions without losing the precision of the analysis. An extensive experimental analysis confirms the scalability and precision of the approach also in comparison with a recent analysis technique developed for the same class of temporal RBAC policies.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione
