Automated Detection of Information Leakage in Access Control

The prevention of information flow is an important concern in several access control models. Even though this property is stated in the model specification, it is not easy to verify it in the actual implementation of a given security policy. In this paper we model-check rewrite-based implementations of access control policies. We propose a general algorithm that allows one to automatically identify information leakage. We apply our approach to the well-known security model of Bell and LaPadula and show that its generalization proposed by McLean does not protect a system against information leakage.
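As an added illustration, not code from the paper (whose rewrite-based encoding and algorithm are not reproduced here), the following state-space search shows the kind of check the abstract describes on a two-level Bell-LaPadula system: with only the simple-security and *-properties no reachable trace lets a low subject hold high information, whereas adding an object-downgrade rule (an assumed stand-in for a level-changing generalization, not the exact rules of McLean's model) yields a two-step leak trace. Entity indices, the two-point lattice and the downgrade rule are all constructed for this example.

```python
from collections import deque

LOW, HIGH = 0, 1  # two-point lattice, LOW < HIGH

def successors(state, n_subjects, allow_downgrade):
    """Yield (operation, next_state) for each operation the policy permits.

    state = (level, content): for every entity, its security level and the
    highest classification of information that may have flowed into it.
    Entities 0..n_subjects-1 are subjects, the rest are objects."""
    level, content = state
    for s in range(n_subjects):
        for o in range(n_subjects, len(level)):
            if level[s] >= level[o]:            # simple security: no read up
                c = list(content); c[s] = max(c[s], c[o])
                yield ("read", s, o), (level, tuple(c))
            if level[o] >= level[s]:            # *-property: no write down
                c = list(content); c[o] = max(c[o], c[s])
                yield ("write", s, o), (level, tuple(c))
            if allow_downgrade and level[s] >= level[o] > LOW:
                # assumed level-change rule: a subject that may observe an
                # object lowers its level (drops the tranquility assumption)
                l = list(level); l[o] = LOW
                yield ("downgrade", s, o), (tuple(l), content)

def find_leak(levels, n_subjects, allow_downgrade=False):
    """Breadth-first search of the reachable states; return the shortest
    operation trace after which some subject may hold information classified
    above its level, or None when no such trace exists."""
    start = (tuple(levels), tuple(levels))  # each entity holds data at its own level
    seen, queue = {start}, deque([(start, [])])
    while queue:
        state, trace = queue.popleft()
        level, content = state
        if any(content[s] > level[s] for s in range(n_subjects)):
            return trace
        for op, nxt in successors(state, n_subjects, allow_downgrade):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [op]))
    return None

if __name__ == "__main__":
    # constructed system: subjects 0 (HIGH), 1 (LOW); objects 2 (HIGH), 3 (LOW)
    system = [HIGH, LOW, HIGH, LOW]
    print("strict BLP:", find_leak(system, n_subjects=2))                 # None
    print("with downgrade:", find_leak(system, 2, allow_downgrade=True))  # leak trace
```

The returned trace is the counterexample a model checker would report: the high subject lowers the high object's level, after which the low subject's read is policy-compliant yet carries high information.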
