Model Checking for Verification of Mandatory Access Control Models and Properties

Mandatory access control (MAC) mechanisms determine which users or processes may access which resources in a system. MAC policies are increasingly written down explicitly to make access control easier to manage and maintain, but specifying a policy correctly is a hard problem. To capture formally and precisely the security properties that a MAC mechanism must satisfy, MAC models are usually written to bridge the wide gap in abstraction between policies and mechanisms. In this paper we propose a general approach to property verification for MAC models. The approach defines a standardized structure for MAC models that supports both property verification and automated test generation: a MAC model is expressed in the specification language of a model checker and generic access control properties are expressed in its property language; the model checker is then used to verify the integrity, coverage, and confinement of these properties for the model; and finally test cases for the system that implements the model are generated with a combinatorial covering array.
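As an added worked example (not code from the paper), the pipeline sketched in the abstract can be exercised end to end in Python: a Bell-LaPadula style MAC model is expressed as a finite state machine, a confinement property ("no object ever holds data that originated above its own level") is checked by exhaustive exploration of the reachable states, a deliberately weakened variant of the model shows the counterexample trace a checker returns, and a greedy pairwise covering array produces labelled test cases for an implementation of the model. The level names, the subjects and objects, the taint-set encoding of information flow and the weakened variant are all constructed for illustration; a real model checker would replace the hand-written exploration loop with symbolic or bounded search and a temporal property language.

```python
# Added example, not code from the paper: a small Bell-LaPadula style MAC
# model as a state machine, a confinement property checked by exhaustive
# state exploration, and pairwise covering-array test generation.
# Level names, the sample subjects/objects, the taint encoding and the
# weakened model variant are assumptions made for illustration.
from collections import deque
from itertools import combinations, product

LEVELS = ["U", "C", "S", "TS"]          # unclassified < confidential < secret < top secret
RANK = {lv: i for i, lv in enumerate(LEVELS)}
OPS = ["read", "write"]
# constructed sample system: subject clearances and object classifications
SUBJECTS = {"alice": "TS", "bob": "U"}
OBJECTS = {"doc_ts": "TS", "doc_u": "U"}


def blp_decide(sub_level, obj_level, op):
    """Bell-LaPadula rules: no read-up (simple security) and no write-down (*-property)."""
    if op == "read":
        return RANK[sub_level] >= RANK[obj_level]
    return RANK[sub_level] <= RANK[obj_level]


def no_star_decide(sub_level, obj_level, op):
    """Deliberately weakened model: the *-property is missing, so every write is allowed."""
    return RANK[sub_level] >= RANK[obj_level] if op == "read" else True


def _trace(pred, state):
    """Rebuild the operation sequence that reaches `state` from the initial state."""
    steps = []
    while pred[state] is not None:
        state, step = pred[state]
        steps.append(step)
    return steps[::-1]


def explore(decide, subjects, objects):
    """Exhaustively explore the model's state space and check the confinement
    property 'no object ever holds data that originated above its own level'.
    A state is a frozenset of (holder, origin_level) facts; every access the
    model allows copies the source's facts to the destination.  Returns
    (counterexample_trace_or_None, number_of_states_visited)."""
    init = frozenset((o, lv) for o, lv in objects.items())
    pred = {init: None}                       # state -> (predecessor, operation)
    queue = deque([init])
    while queue:
        state = queue.popleft()
        for holder, origin in state:          # property check on every reachable state
            if holder in objects and RANK[origin] > RANK[objects[holder]]:
                return _trace(pred, state), len(pred)
        for s, o, op in product(subjects, objects, OPS):
            if not decide(subjects[s], objects[o], op):
                continue
            src, dst = (o, s) if op == "read" else (s, o)
            nxt = state | {(dst, origin) for h, origin in state if h == src}
            if nxt not in pred:
                pred[nxt] = (state, (s, op, o))
                queue.append(nxt)
    return None, len(pred)


def pairwise_covering_array(params):
    """Greedy strength-2 covering array: every pair of values of any two parameters
    appears in at least one row.  Each step picks the full-product row that covers
    the most still-uncovered pairs, which is adequate for small domains."""
    names = list(params)
    uncovered = {((i, va), (j, vb))
                 for i, j in combinations(range(len(names)), 2)
                 for va, vb in product(params[names[i]], params[names[j]])}
    rows = []
    while uncovered:
        best = max(product(*(params[n] for n in names)),
                   key=lambda row: len(uncovered & set(combinations(enumerate(row), 2))))
        rows.append(dict(zip(names, best)))
        uncovered -= set(combinations(enumerate(best), 2))
    return rows


def generate_tests(decide):
    """Pairwise test cases for an implementation, each labelled with the model's verdict."""
    domains = {"subject": LEVELS, "object": LEVELS, "op": OPS}
    return [dict(row, expected=decide(row["subject"], row["object"], row["op"]))
            for row in pairwise_covering_array(domains)]


if __name__ == "__main__":
    for name, decide in [("BLP", blp_decide), ("no-*-property", no_star_decide)]:
        bad, n = explore(decide, SUBJECTS, OBJECTS)
        print(f"{name}: {n} states explored, violation trace = {bad}")
    tests = generate_tests(blp_decide)
    print(f"{len(tests)} pairwise tests instead of {len(LEVELS) ** 2 * len(OPS)} exhaustive ones")
    for t in tests[:3]:
        print(t)
```

The taint-set encoding is what turns an informal confinement requirement into a property a checker can evaluate on every state: information flow is made explicit as data, so a write-down shows up as an object carrying a fact from a higher level, and the predecessor map gives the operation sequence that demonstrates it. For the weakened model the trace is a top-secret subject reading a top-secret document and then writing an unclassified one; the full Bell-LaPadula rules reach no such state. The covering array covers every subject-level/object-level, subject-level/operation and object-level/operation pair with roughly half the rows of the exhaustive 4×4×2 product, and each row carries the model's expected decision so that an implementation can be checked against the verified model.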
