Skip to main content
SpringerLink
Log in

Automated verification of access control policies using a SAT solver

  • Special Section on WQVV 07
  • Published:
International Journal on Software Tools for Technology Transfer Aims and scope Submit manuscript

Abstract

Managing access control policies in modern computer systems can be challenging and error-prone. Combining multiple disparate access policies can introduce unintended consequences. In this paper, we present a formal model for specifying access to resources, a model that encompasses the semantics of the xacml access control language. From this model we define several ordering relations on access control policies that can be used to automatically verify properties of the policies. We present a tool for automatically verifying these properties by translating these ordering relations to Boolean satisfiability problems and then applying a sat solver. Our experimental results demonstrate that automated verification of xacml policies is feasible using this approach.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Abad-Peiro, J.L., Debar, H., Schweinberger, T., Trommler, P.: PLAS—Policy language for authorizations. Technical Report RZ 3126, IBM Research Division (1999)

  2. Abadi M., Burrows M., Lampson B., Plotkin G.: A calculus for access control in distributed systems. ACM Trans. Programm. Lang. Syst. 15(4), 706–734 (1993)

    Article  Google Scholar 

  3. Bertino E., Bettini C., Ferrari E., Samarati P.: An access control model supporting periodicity constraints and temporal reasoning. ACM Trans. Database Syst. 23(3), 231–285 (1998)

    Article  Google Scholar 

  4. Bonatti, P., Damiani, E., De Capitani di Vimercati, S., Samarati, P.: An access control model for data archives. In: Proceedings of the 16th International Conference on Information Security: Trusted Information, pp. 261–276. Kluwer International Federation For Information Processing Series Paris, France (2001)

  5. Bonatti P., De Capitani di Vimercati S., Samarati P.: An algebra for composing access control policies. ACM Trans. Inf. Syst. Secur. 5(1), 1–35 (2002)

    Article  Google Scholar 

  6. Brace, K.S., Rudellv, R.L., Bryant, R.E.: Efficient implementation of a bdd package. In: Proceedings of the 27th ACM/IEEE Design Automation Conference, pp. 40–45 (1990)

  7. Damiani, E., De Capitani di Vimercati, S., Fernández-Medina, E., Samarati, P.: Access control of SVG documents. In: Proceedings of DBSec 2002, pp. 219–230 (2002)

  8. Damiani E., De Capitani di Vimercati S., Paraboschi S., Samarati P.: Design and implementation of an access control processor for XML documents. Comput. Netw. 33(1–6), 59–75 (2000)

    Article  Google Scholar 

  9. Damiani E., De Capitani di Vimercati S., Paraboschi S., Samarati P.: A fine-grained access control system for XML documents. ACM Trans. Inf. Syst. Secur. 5(2), 169–202 (2002)

    Article  Google Scholar 

  10. Damiani E., Samarati S.P., De Capitani di Vimercati S., Paraboschi S.: Controlling access to XML documents. IEEE Internet Comput. 5(6), 18–28 (2001)

    Article  Google Scholar 

  11. De Capitani di Vimercati, S., Samarati, P.: Access control in federated systems. In: Proceedings of the 1996 Workshop on New Security Paradigms, pp. 87–99. ACM Press, Lake Arrowhead (1996)

  12. Fisler, K., Krishnamurthi, S., Meyerovich, L.A., Tschantz, M.C.: Verification and change-impact analysis of access-control policies. In: Proceedings of the 27th International Conference on Software Engineering, pp. 196–205, St. Louis, Missouri (2005)

  13. Heckman, M., Levitt, K.N.: Applying the composition principle to verify a hierarchy of security servers. In: HICSS (3), pp. 338–347 (1998)

  14. Hughes, G., Bultan, T.: Automated verification of access control policies. Technical Report 2004-22. Department of Computer Science, University of California, Santa Barbara (2004)

  15. Hughes, G., Bultan, T.: Automated verification of XACML policies using a SAT solver. In: Proceedings of the Workshop on Web Quality, Verification and Validation (WQVV ’07) (2007)

  16. Jackson, D.: Automating first-order relational logic. In: Proceedings of ACM SIGSOFT Conf. Foundations of Software Engineering (2000)

  17. Jackson, D.: Software Abstractions: Logic, Language and Analysis. MIT Press, Cambridge (2006). http://softwareabstractions.org/

  18. Jackson D., Damon C.A.: Elements of style: analyzing a software design feature with a counterexample detector. IEEE. Trans. Softw. Eng. 22(7), 484–495 (1996)

    Article  Google Scholar 

  19. Jackson, D., Schechter, I., Shlyakhter, I.: Alcoa: the Alloy constraint analyzer. In: Proceedings of International Conference on Software Engineering. IEEE, Limerick (2000)

  20. Jajodia S., Samarati P., Sapino M.L., Subrahmanian V.S.: Flexible support for multiple access control policies. ACM Trans. Database Syst. 26(2), 214–260 (2001)

    Article  MATH  Google Scholar 

  21. Jajodia, S., Samarati, P., Subrahmanian, V.S.: A logical language for expressing authorizations. In: Proceedings of the 1997 IEEE Symposium on Security and Privacy, pp. 31–42. IEEE Press, Oakland (1997)

  22. Jajodia, S., Samarati, P., Subrahmanian, V.S., Bertino, E.: A unified framework for enforcing multiple access control policies. In: SIGMOD’97, pp. 474–485. Tucson, AZ (1997)

  23. Krishnamurthi, S.: The Continue server. In: Symposium on the Practical Aspects of Declarative Languages (2003)

  24. Marinov, D., Andoni, A., Danilinc, D., Khurshid, S., Rinard, M.: An evaluation of exhaustive testing for data structures. Technical Report MIT-LCS-TR-921, MIT CSAIL (2003)

  25. Moskewicz, M., Madigan, C., Zhao, Y., Zhang, L., Malik, S.: Chaff: engineering an efficient SAT solver. In: 39th Design Automation Conference (DAC 2001), Las Vegas (2001)

  26. Naumovich, G.: A conservative algorithm for computing the flow of permissions in Java programs. In: Proceedings of the International Symposium on Software Testing and Analysis (ISSTA ’02), pp. 33–43 (2002)

  27. Plaisted D.A., Greenbaum S.: A structure-preserving clause form translation. J. Symb. Comput. 2, 293–304 (1986)

    Article  MATH  MathSciNet  Google Scholar 

  28. Samarati, P., De Capitani di Vimercati, S.: Foundations of Security Analysis and Design. Chap. 3, pp. 137–196. Springer, Heidelberg (2001)

  29. Sandhu R., Samarati P.: Authentication, access control, and audit. ACM Comput. Surv. 28(1), 241–243 (1996)

    Article  Google Scholar 

  30. Sandhu R.S.: Lattice-based access control models. IEEE Comput. 26(11), 9–19 (1993)

    Google Scholar 

  31. Sandhu R.S., Coyne E.J., Feinstein H.L., Youman C.E.: Role-based access control models. IEEE Comput. 29(2), 38–47 (1996)

    Google Scholar 

  32. Sandhu R.S., Samarati P.: Access control: principles and practice. IEEE Commun. Mag. 32(9), 40–48 (1994)

    Article  Google Scholar 

  33. Schaad, A., Moffet, J.: A lightweight approach to specification and analysis of role-based access control extensions. In: 7th ACM Symposium on Access Control Models and Technologies (SACMAT 2002) (2002)

  34. eXtensible Access Control Markup Language (XACML) Version 1.0. OASIS Standard (2003). http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml

  35. Extensible markup language (XML) 1.0, 2nd edn. W3C (2000). http://www.w3.org/TR/REC-xml

  36. XML Schema part 2: Datatypes. W3C Recommendation (2001). http://www.w3.org/TR/xmlschema-2/

  37. Zao, J., Wee, H., Chu, J., Jackson, D.: RBAC schema verification using lightweight formal model and constraint analysis. In: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies (2003)

Download references

Author information

Authors and Affiliations

  1. Computer Science Department, University of California, Santa Barbara, CA, 93106, USA

    Graham Hughes & Tevfik Bultan

Authors
  1. Graham Hughes
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Tevfik Bultan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Graham Hughes.

Additional information

This work is supported by NSF grants CCF-0614002 and CCF-0716095.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Hughes, G., Bultan, T. Automated verification of access control policies using a SAT solver. Int J Softw Tools Technol Transfer 10, 503–520 (2008). https://doi.org/10.1007/s10009-008-0087-9

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10009-008-0087-9

Keywords

Search

Navigation