Vac - Verifier of Administrative Role-Based Access Control Policies

  • Anna Lisa Ferrara
  • P. Madhusudan
  • Truc L. Nguyen
  • Gennaro Parlato
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8559)


In this paper we present Vac, an automatic tool for verifying security properties of administrative Role-based Access Control (RBAC). RBAC has become an increasingly popular access control model, particularly suitable for large organizations, and it is implemented in several software products. Automatic security analysis of administrative RBAC systems is recognized as an important problem, as an analysis tool can help designers check whether their policies meet expected security properties. Vac converts administrative RBAC policies to imperative programs that simulate the policies both precisely and abstractly, and it supports several automatic verification back-ends to analyze the resulting programs. In this paper, we describe the architecture of Vac and give an overview of the analysis techniques that have been implemented in the tool. We also report on experiments with several benchmarks from the literature.
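To make the analysis problem concrete, here is an added example (not code from the paper or from Vac) that answers a role-reachability query on a tiny administrative RBAC policy: can a given user ever obtain a given role through the administrative rules? A plain explicit-state breadth-first search stands in for the verification back-ends; the rule tuple layout, users and role names are constructed assumptions, not Vac's input format.

```python
from collections import deque

# Constructed sample policy; the tuple layout is an assumption, not Vac's input format.
USERS = ("alice", "bob")
INITIAL = {"alice": {"Manager"}, "bob": {"Employee"}}
# can_assign: (admin role, roles the target must hold, roles it must lack, role granted)
CAN_ASSIGN = [
    ("Manager", {"Employee"}, {"Contractor"}, "Developer"),
    ("Developer", {"Developer"}, {"Auditor"}, "Deployer"),
    ("Manager", {"Employee"}, set(), "Auditor"),
]
# can_revoke: (admin role, role removed)
CAN_REVOKE = [("Manager", "Auditor")]


def successors(state, can_assign, can_revoke):
    """Yield (action, next_state) for every administrative action enabled in state."""
    held = set().union(*state)  # a rule can fire if any user holds its admin role
    for i, roles in enumerate(state):
        for admin, pos, neg, target in can_assign:
            if admin in held and pos <= roles and not (neg & roles) and target not in roles:
                yield f"assign {target} to {USERS[i]}", state[:i] + (roles | {target},) + state[i + 1:]
        for admin, target in can_revoke:
            if admin in held and target in roles:
                yield f"revoke {target} from {USERS[i]}", state[:i] + (roles - {target},) + state[i + 1:]


def reach(initial, user, role, can_assign=CAN_ASSIGN, can_revoke=CAN_REVOKE):
    """Return a shortest action sequence after which user holds role, or None."""
    start = tuple(frozenset(initial[u]) for u in USERS)
    goal = USERS.index(user)
    parent = {start: None}
    queue = deque([start])
    while queue:
        state = queue.popleft()
        if role in state[goal]:
            trace = []
            while parent[state] is not None:
                action, state = parent[state]
                trace.append(action)
            return trace[::-1]
        for action, nxt in successors(state, can_assign, can_revoke):
            if nxt not in parent:
                parent[nxt] = (action, state)
                queue.append(nxt)
    return None


if __name__ == "__main__":
    print(reach(INITIAL, "bob", "Deployer"))
    print(reach(INITIAL, "alice", "Deployer"))
```

The returned trace is the counterexample a policy designer would review: in the sample policy, bob reaches Deployer because the Developer role administers its own promotion rule.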


Keywords: Access Control · Model Checker · Horn Clause · Input Format · Access Control Model



Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Anna Lisa Ferrara (1)
  • P. Madhusudan (2)
  • Truc L. Nguyen (3)
  • Gennaro Parlato (3)

  1. University of Bristol, UK
  2. University of Illinois, USA
  3. University of Southampton, UK
