Symbolic reachability analysis for parameterized administrative role-based access control

Role-based access control (RBAC) is a widely used access control paradigm. In large organizations, the RBAC policy is managed by multiple administrators. An administrative role-based access control (ARBAC) policy specifies how each administrator may change the RBAC policy. It is often difficult to fully understand the effect of an ARBAC policy by simple inspection, because sequences of changes by different administrators may interact in unexpected ways. ARBAC policy analysis algorithms can help by answering questions, such as user-role reachability, which asks whether a given user can be assigned to given roles by given administrators. Allowing roles and permissions to have parameters significantly enhances the scalability, flexibility, and expressiveness of ARBAC policies. This paper defines PARBAC, which extends the classic ARBAC97 model to support parameters, proves that user-role reachability analysis for PARBAC is undecidable when parameters may range over infinite types, and presents a semi-decision procedure for reachability analysis of PARBAC. To the best of our knowledge, this is the first analysis algorithm specifically for parameterized ARBAC policies. We evaluate its efficiency by analyzing its parameterized complexity and benchmarking it on case studies and synthetic policies. We also experimentally evaluate the effectiveness of several optimizations.
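
The user-role reachability question described above, shown as an added example on a small non-parameterized ARBAC97-style policy; it is not the paper's symbolic algorithm and not code from its authors. The role names, the rule set and the assumption that administrators' own roles stay fixed are all constructed for illustration. The negative precondition on `auditor` looks like it keeps `auditor` and `deployer` apart, yet the search finds an administrative sequence that yields both.

```python
from collections import deque

# Constructed ARBAC97-style policy (all role names are hypothetical).
# can_assign: (admin role, roles required, roles forbidden, role granted)
CAN_ASSIGN = [
    ("hr_admin",  {"employee"}, {"contractor"}, "engineer"),
    ("eng_admin", {"engineer"}, set(),          "deployer"),
    ("sec_admin", {"employee"}, {"deployer"},   "auditor"),
]
# can_revoke: (admin role, role removed)
CAN_REVOKE = [("hr_admin", "contractor"), ("eng_admin", "deployer")]


def successors(roles, admins):
    """Yield (action, next_role_set) for every rule an active admin may apply."""
    for admin, pos, neg, target in CAN_ASSIGN:
        if admin in admins and pos <= roles and not (neg & roles) and target not in roles:
            yield ("assign", admin, target), roles | {target}
    for admin, target in CAN_REVOKE:
        if admin in admins and target in roles:
            yield ("revoke", admin, target), roles - {target}


def reachable(initial, goal, admins):
    """Breadth-first search over role sets; return a shortest plan or None."""
    start, goal = frozenset(initial), frozenset(goal)
    parent = {start: None}          # state -> (action, previous state)
    queue = deque([start])
    while queue:
        state = queue.popleft()
        if goal <= state:           # every goal role is held in this state
            plan = []
            while parent[state] is not None:
                action, state = parent[state]
                plan.append(action)
            return plan[::-1]
        for action, nxt in successors(state, admins):
            if nxt not in parent:   # visit each role set once, so search terminates
                parent[nxt] = (action, state)
                queue.append(nxt)
    return None


if __name__ == "__main__":
    all_admins = {"hr_admin", "eng_admin", "sec_admin"}
    for step in reachable({"employee", "contractor"}, {"deployer", "auditor"}, all_admins):
        print(step)
```

Because the state space here is the finite set of role subsets, the search always terminates; the paper's undecidability result concerns parameters ranging over infinite types, which this sketch does not model.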
