ASASP: Automated Symbolic Analysis of Security Policies
We describe asasp, a symbolic reachability procedure for the analysis of administrative access control policies. The tool represents access policies and their administrative actions as formulae of the Bernays-Schönfinkel-Ramsey class and then uses a symbolic reachability procedure to solve security analysis problems. Checks for fix-point—reduced to satisfiability problems—are mechanized by Satisfiability Modulo Theories solving and Automated Theorem Proving. asasp has been successfully applied to the analysis of benchmark problems arising in (extensions of) the Role-Based Access Control model. Our tool shows better scalability than a state-of-the-art tool on a significant set of instances of these problems.
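The backward-reachability idea behind this kind of analysis, as an added example that is not asasp's code: sets of role memberships are represented symbolically as constraints, and the fix-point check is done by subsumption instead of an SMT or theorem-prover call. Assumptions: a single tracked user, administrator preconditions ignored, and a constructed policy and role names.

```python
from collections import deque

# Constructed policy (assumption): (positive preconds, negative preconds, target role).
CAN_ASSIGN = [
    (frozenset({"Employee"}), frozenset({"Contractor"}), "Manager"),
    (frozenset({"Manager"}), frozenset(), "Approver"),
]
CAN_REVOKE = ["Contractor"]

# A cube (must, must_not) stands for every role set S of the user with
# must <= S and S disjoint from must_not.

def pre_images(cube, can_assign, can_revoke):
    """Yield cubes from which one administrative action leads into `cube`."""
    must, must_not = cube
    for pos, neg, target in can_assign:
        if target in must_not:            # assigning target would violate the cube
            continue
        new_must, new_not = (must - {target}) | pos, must_not | neg
        if not (new_must & new_not):      # drop unsatisfiable pre-images
            yield (new_must, new_not)
    for target in can_revoke:
        if target not in must:            # revoking a required role cannot reach the cube
            yield (must, must_not - {target})

def subsumed(cube, seen):
    """Fix-point check: is `cube` already covered by a more general cube?"""
    return any(m <= cube[0] and n <= cube[1] for m, n in seen)

def backward_reach(goal_role, can_assign, can_revoke):
    """All cubes from which the user can eventually obtain goal_role."""
    goal = (frozenset({goal_role}), frozenset())
    seen, frontier = [goal], deque([goal])
    while frontier:
        for pre in pre_images(frontier.popleft(), can_assign, can_revoke):
            if not subsumed(pre, seen):
                seen.append(pre)
                frontier.append(pre)
    return seen

def can_reach(initial_roles, goal_role, can_assign=CAN_ASSIGN, can_revoke=CAN_REVOKE):
    """True if the user with `initial_roles` can be given goal_role."""
    init = frozenset(initial_roles)
    cubes = backward_reach(goal_role, can_assign, can_revoke)
    return any(m <= init and not (n & init) for m, n in cubes)
```

With the constructed policy, a user holding Employee and Contractor can reach Approver only because Contractor is revocable; removing that revoke rule makes the goal unreachable.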