ASASP: Automated Symbolic Analysis of Security Policies

  • Francesco Alberti
  • Alessandro Armando
  • Silvio Ranise
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6803)

Abstract

We describe asasp, a symbolic reachability procedure for the analysis of administrative access control policies. The tool represents access policies and their administrative actions as formulae of the Bernays-Schönfinkel-Ramsey class and then uses a symbolic reachability procedure to solve security analysis problems. Checks for fix-point—reduced to satisfiability problems—are mechanized by Satisfiability Modulo Theories solving and Automated Theorem Proving. asasp has been successfully applied to the analysis of benchmark problems arising in (extensions of) the Role-Based Access Control model. Our tool shows better scalability than a state-of-the-art tool on a significant set of instances of these problems.
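The backward reachability loop with a fix-point check that the abstract describes, as an added sketch that is not asasp's code: it swaps the Bernays-Schönfinkel-Ramsey formulae and the SMT/ATP back ends for explicit cubes of required and forbidden roles and a syntactic subsumption test. The policy, the role names, the rule tuple format and the single-user model (an administrator is assumed to be always available) are assumptions made for illustration.

```python
from collections import deque

# Constructed policy (not from the paper). Rules for one user:
#   ("assign", required_roles, forbidden_roles, target)  /  ("revoke", target)
POLICY = [
    ("assign", {"Employee"}, {"Auditor"}, "Engineer"),
    ("assign", {"Employee"}, {"Engineer"}, "Auditor"),
    ("assign", {"Engineer"}, set(), "Manager"),
    ("assign", {"Manager", "Auditor"}, set(), "Admin"),
    ("revoke", "Engineer"),
]

def pre_image(cube, rule):
    """Cube (pos, neg) = all role sets R with pos <= R and R disjoint from neg.
    Return the cube of states that `rule` moves into `cube`, or None if empty."""
    pos, neg = cube
    if rule[0] == "assign":
        _, required, forbidden, target = rule
        if target in neg:            # target is present after the step
            return None
        pre = ((pos - {target}) | required, neg | forbidden)
    else:
        target = rule[1]
        if target in pos:            # target is absent after the step
            return None
        pre = (pos, neg - {target})
    return pre if not (pre[0] & pre[1]) else None

def subsumed(c, d):
    """Every state of cube c is also in cube d (stand-in for the solver check)."""
    return d[0] <= c[0] and d[1] <= c[1]

def reachable(initial_roles, goal_role, rules):
    init = frozenset(initial_roles)
    visited = [(frozenset({goal_role}), frozenset())]
    frontier = deque(visited)
    while frontier:
        cube = frontier.popleft()
        if cube[0] <= init and not (cube[1] & init):
            return True              # initial state lies in a backward-reachable cube
        for rule in rules:
            pre = pre_image(cube, rule)
            if pre is None or any(subsumed(pre, d) for d in visited):
                continue             # nothing new: contributes to the fix-point
            visited.append(pre)
            frontier.append(pre)
    return False                     # fix-point reached without covering init
```

With the constructed policy, an `Employee` can reach `Admin` only because `Engineer` is revocable; dropping the revoke rule restores the Engineer/Auditor separation and the search reaches a fix-point without covering the initial state.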

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Francesco Alberti (1)
  • Alessandro Armando (2, 3)
  • Silvio Ranise (3)

  1. Università della Svizzera Italiana, Lugano (Svizzera), Italia
  2. Università degli Studi di Genova, Italia
  3. FBK-Irst, Trento, Italia
