Automated Symbolic Analysis of ARBAC-Policies

One of the most widespread frameworks for the management of access-control policies is Administrative Role Based Access Control (ARBAC). Several automated analysis techniques have been proposed to help maintain desirable security properties of ARBAC policies. One limitation of many available techniques is that the sets of users and roles are bounded. In this paper, we propose a symbolic framework to overcome this difficulty. We design an automated security analysis technique, parametric in the number of users and roles, by adapting recent methods for model checking infinite-state systems that use first-order logic and state-of-the-art theorem proving techniques. Preliminary experiments with a prototype implementation seem to confirm the scalability of our technique.
