One of the most widespread framework for the management of access-control policies is Administrative Role Based Access Control (ARBAC). Several automated analysis techniques have been proposed to help maintaining desirable security properties of ARBAC policies. One limitation of many available techniques is that the sets of users and roles are bounded. In this paper, we propose a symbolic framework to overcome this difficulty. We design an automated security analysis technique, parametric in the number of users and roles, by adapting recent methods for model checking infinite state systems that use first-order logic and state-of-the-art theorem proving techniques. Preliminary experiments with a prototype implementations seem to confirm the scalability of our technique.
Automated Symbolic Analysis of ARBAC-Policies / Armando, A; Ranise, S. - 6710:(2011), pp. 17-+. (Intervento presentato al convegno 6th International Workshop on Security and Trust Management (STM 2010) tenutosi a Greece nel 23-24/09/2010).
Automated Symbolic Analysis of ARBAC-Policies
Ranise, S
2011-01-01
Abstract
One of the most widespread framework for the management of access-control policies is Administrative Role Based Access Control (ARBAC). Several automated analysis techniques have been proposed to help maintaining desirable security properties of ARBAC policies. One limitation of many available techniques is that the sets of users and roles are bounded. In this paper, we propose a symbolic framework to overcome this difficulty. We design an automated security analysis technique, parametric in the number of users and roles, by adapting recent methods for model checking infinite state systems that use first-order logic and state-of-the-art theorem proving techniques. Preliminary experiments with a prototype implementations seem to confirm the scalability of our technique.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione
