Boosting Model Checking to Analyse Large ARBAC Policies

  • Silvio Ranise
  • Anh Truong
  • Alessandro Armando
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7783)


The administration of access control policies is a task of paramount importance for distributed systems. A crucial analysis problem is to foresee if a set of administrators can give a user an access permission. We consider this analysis problem in the context of the Administrative Role-Based Access Control (ARBAC), one of the most widespread administrative models. Given the difficulty of taking into account the effect of all possible administrative actions, automated analysis techniques are needed. In this paper, we describe how a model checker can scale up to handle very large ARBAC policies while ensuring completeness. An extensive experimentation shows that an implementation of our techniques performs significantly better than Mohawk, a recently proposed tool that has become the reference for finding errors in ARBAC policies.





Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Silvio Ranise (1)
  • Anh Truong (1)
  • Alessandro Armando (1, 2)

  1. Security and Trust Unit, FBK-Irst, Trento, Italia
  2. DIST, Università degli Studi di Genova, Italia
