Conformance Checking of Dynamic Access Control Policies

  • David Power
  • Mark Slaymaker
  • Andrew Simpson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6991)


The capture, deployment and enforcement of appropriate access control policies are crucial aspects of many modern software-based systems. Previously, there has been a significant amount of research undertaken with respect to the formal modelling and analysis of access control policies; however, only a limited proportion of this work has been concerned with dynamic policies. In this paper we explore techniques for the modelling, analysis and subsequent deployment of such policies—which may rely on external data. We use the Alloy modelling language to describe constraints on policies and external data; utilising these constraints, we test static instances constructed from the current state of the external data. We present Gauge, a constraint checker for static instances that has been developed to be complementary to Alloy, and show how it is possible to test systems of much greater complexity via Gauge than can typically be handled by a model finder.
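To make the "test static instances constructed from the current state of the external data" idea concrete, here is a small instance checker written for this page. It is an added illustration, not Gauge, not Alloy, and not the authors' code. It builds a snapshot of a hypothetical clinical RBAC policy together with one piece of external data (an on-shift roster, constructed here), then evaluates a set of constraints over that concrete instance and reports the violating tuples. Checking a fixed instance this way is a bounded, deterministic evaluation, which is why it scales to larger policies than a model finder searching for an instance would; the policy, roles and rules below are all assumptions chosen for the example.

```python
"""Added example: checking access-control constraints against a static instance.

Illustration code for this page; it is not Gauge, not Alloy, and not the
authors' code. The policy, the external on-shift roster and the constraint
set are all constructed here for demonstration.
"""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Set, Tuple

Pair = Tuple[str, str]


@dataclass(frozen=True)
class Instance:
    """A static snapshot: the policy plus the external data it depends on."""
    users: FrozenSet[str]
    roles: FrozenSet[str]
    user_roles: FrozenSet[Pair]             # (user, role) assignments
    role_perms: FrozenSet[Pair]             # (role, permission) grants
    on_shift: FrozenSet[str]                # external data: rostered users
    conflicting: FrozenSet[FrozenSet[str]]  # mutually exclusive role sets


# A constraint is a predicate over the whole instance returning the tuples
# that violate it; an empty list means the constraint holds on this snapshot.
Constraint = Callable[[Instance], List[str]]


def assignments_well_typed(inst: Instance) -> List[str]:
    """Every (user, role) pair names a declared user and a declared role."""
    return [f"{u}->{r}" for u, r in sorted(inst.user_roles)
            if u not in inst.users or r not in inst.roles]


def static_separation_of_duty(inst: Instance) -> List[str]:
    """No user holds all roles of a conflicting role set."""
    held: Dict[str, Set[str]] = {}
    for u, r in inst.user_roles:
        held.setdefault(u, set()).add(r)
    bad = []
    for u, rs in sorted(held.items()):
        for group in inst.conflicting:
            if group <= rs:
                bad.append(f"{u} holds {'+'.join(sorted(group))}")
    return bad


def prescribing_requires_shift(inst: Instance) -> List[str]:
    """Dynamic rule (assumed): a role granting 'prescribe' may only be held
    by a user the external roster currently lists as on shift."""
    prescribing_roles = {r for r, p in inst.role_perms if p == "prescribe"}
    return [f"{u} off-shift with {r}" for u, r in sorted(inst.user_roles)
            if r in prescribing_roles and u not in inst.on_shift]


CONSTRAINTS: Dict[str, Constraint] = {
    "well_typed": assignments_well_typed,
    "static_sod": static_separation_of_duty,
    "prescribe_on_shift": prescribing_requires_shift,
}


def check(inst: Instance, constraints=CONSTRAINTS) -> Dict[str, List[str]]:
    """Evaluate every constraint; return only the ones with violations."""
    report = {name: c(inst) for name, c in constraints.items()}
    return {name: v for name, v in report.items() if v}


def build_instance(roster: FrozenSet[str]) -> Instance:
    """Construct the static instance from the fixed (constructed) policy and
    the current value of the external data, here the on-shift roster."""
    return Instance(
        users=frozenset({"alice", "bob", "carol"}),
        roles=frozenset({"clinician", "pharmacist", "auditor"}),
        user_roles=frozenset({("alice", "clinician"), ("bob", "pharmacist"),
                              ("carol", "auditor"), ("carol", "clinician")}),
        role_perms=frozenset({("clinician", "prescribe"),
                              ("pharmacist", "dispense"),
                              ("auditor", "read_log")}),
        on_shift=roster,
        conflicting=frozenset({frozenset({"clinician", "auditor"})}),
    )


if __name__ == "__main__":
    # The same policy under two different states of the external data.
    for roster in (frozenset({"alice", "carol"}), frozenset({"alice"})):
        print(sorted(roster), "->", check(build_instance(roster)))
```

With carol rostered, only the static separation-of-duty violation is reported; once she drops off the roster the dynamic rule fires as well, which is the kind of conformance failure that can only be detected by re-checking the instance whenever the external data changes.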







Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • David Power (1)
  • Mark Slaymaker (1)
  • Andrew Simpson (1)
  1. Oxford University Computing Laboratory, Oxford, UK
