HBAC: A Model for History-Based Access Control and Its Model Checking

  • Jing Wang
  • Yoshiaki Takata
  • Hiroyuki Seki
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4189)


Stack inspection is now broadly used as the dynamic access control infrastructure in runtime environments such as Java virtual machines and the Common Language Runtime. However, stack inspection is not sufficient for security assurance, since the stack does not retain security information about invoked methods whose execution has already finished. To solve this problem, access control models based on execution history have been proposed. This paper presents a formal model for programs with access control based on execution history, called HBAC programs. Their expressive power is shown to be strictly stronger than that of programs with stack inspection. It is also shown that the verification problem for HBAC programs is EXPTIME-complete, while the problem is solvable in polynomial time under a reasonable assumption. Finally, this paper presents a few optimization techniques used in the implementation of a verification tool for HBAC programs. Experimental results show that the tool can verify practical HBAC programs within a reasonable time.
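To make the difference the abstract describes concrete, the following added example (not code from the paper) simulates both disciplines on one constructed program. It assumes the usual history-based semantics in the style of Abadi and Fournet: every method has a static permission set, the current permissions are intersected with each invoked method's static set, and they are not restored when that method returns; stack inspection instead grants a check iff every frame still on the stack holds the permission.

```python
from typing import Dict, FrozenSet, List, Tuple

Perms = FrozenSet[str]
Action = Tuple[str, str]            # ("call", method_name) or ("check", permission)
Program = Dict[str, Tuple[Perms, List[Action]]]   # method -> (static perms, body)

def run_stack_inspection(prog: Program, entry: str) -> List[Tuple[str, bool]]:
    """Each check passes iff every frame currently on the call stack holds
    the permission. Frames of methods that have returned are forgotten."""
    results: List[Tuple[str, bool]] = []

    def exec_(name: str, stack: List[Perms]) -> None:
        static, body = prog[name]
        frames = stack + [static]
        for kind, arg in body:
            if kind == "call":
                exec_(arg, frames)
            else:
                results.append((arg, all(arg in f for f in frames)))

    exec_(entry, [])
    return results

def run_hbac(prog: Program, entry: str) -> List[Tuple[str, bool]]:
    """History-based variant (assumed semantics): the current permission set
    shrinks by intersection with every method invoked so far and never grows
    back, so code that ran earlier still constrains later checks."""
    results: List[Tuple[str, bool]] = []
    current: Perms = prog[entry][0]

    def exec_(name: str) -> None:
        nonlocal current
        static, body = prog[name]
        current = current & static          # history is retained across returns
        for kind, arg in body:
            if kind == "call":
                exec_(arg)
            else:
                results.append((arg, arg in current))

    exec_(entry)
    return results

# Constructed program: a trusted "main" calls an untrusted "plugin" that only
# holds "net", lets it return, and then asks for "file.write" itself.
PROGRAM: Program = {
    "main":   (frozenset({"file.write", "net"}), [("call", "plugin"), ("check", "file.write")]),
    "plugin": (frozenset({"net"}),               [("check", "net")]),
}

if __name__ == "__main__":
    print("stack inspection:", run_stack_inspection(PROGRAM, "main"))
    print("HBAC:            ", run_hbac(PROGRAM, "main"))
```

Under stack inspection the final `file.write` check succeeds because the plugin's frame is gone; under the history-based discipline it fails, which is exactly the information the stack alone cannot retain.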







Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Jing Wang, Yoshiaki Takata, Hiroyuki Seki: Graduate School of Information Science, Nara Institute of Science and Technology, Ikoma, Nara, Japan
