Model Checking for Verification of Mandatory Access Control Models and Properties

@article{Hu2011ModelCF,
  title={Model Checking for Verification of Mandatory Access Control Models and Properties},
  author={Vincent C. Hu and D. Richard Kuhn and Tao Xie and JeeHyun Hwang},
  journal={Int. J. Softw. Eng. Knowl. Eng.},
  year={2011},
  volume={21},
  pages={103--127}
}
Mandatory access control (MAC) mechanisms control which users or processes have access to which resources in a system. MAC policies are increasingly specified to facilitate managing and maintaining access control. However, the correct specification of the policies is a very challenging problem. To formally and precisely capture the security properties that MAC should adhere to, MAC models are usually written to bridge the rather wide gap in abstraction between policies and mechanisms. In this… 


Verification and Test Methods for Access Control Policies/Models
TLDR
Verifying the conformance of access control policies and models is a non-trivial and critical task, and one important aspect of such verification is to formally check the inconsistency and incompleteness of the model and safety requirements of the policy.
General Methods for Access Control Policy Verification
TLDR
Verifying the conformance of access control policies and models is a non-trivial and critical task, and one important aspect of such verification is to formally check the inconsistency and incompleteness of the model and safety requirements of the policy.
General Methods for Access Control Policy Verification (Application Paper)
  • Vincent C. Hu, D. R. Kuhn
  • Computer Science
    2016 IEEE 17th International Conference on Information Reuse and Integration (IRI)
  • 2016
TLDR
Verifying the conformance of access control policies and models is a non-trivial and critical task, and one important aspect of such verification is to formally check the inconsistency and incompleteness of the model and safety requirements of the policy.
Verification of Secure Inter-operation Properties in Multi-domain RBAC Systems
TLDR
This paper proposes a formal definition in temporal logic of four AC system properties regarding secure inter-operation with Role-Based Access Control (RBAC) policies in order to be verified by using model checking.
Towards the Formal Development of Software Based Systems: Access Control System as a Case Study
TLDR
This approach addresses the model checking of critical properties of access control systems and aims at improving their reliability by using property based testing to analyze the corresponding software code.
Specification and Analysis of Attribute-Based Access Control Policies: An Overview
  • Dianxiang Xu, Yunpeng Zhang
  • Computer Science
    2014 IEEE Eighth International Conference on Software Security and Reliability-Companion
  • 2014
TLDR
This paper presents an overview of the existing work on specification, dynamic testing, and static verification of ABAC policies, and provides an understanding about the limitations and open issues of the existing work.
Evaluating the capability and performance of access control policy verification tools
TLDR
A set of reference metrics for analytically evaluating, as well as sets of oracles and test cases for empirically checking the run-time capability and performance of ACPV tools.
Attribute Relations Specifications and Constraints Using Attribute Based Mechanism of Policy Machine
TLDR
This paper shows the deficiencies of XACML in specifying and constraining such capabilities in the implementations of the Multilevel Security, Hierarchical Role Based, Separation of Duty, and Safety requirements of access control systems, and demonstrates the mechanisms for the capabilities provided by a relation-based access control mechanism – the Policy Machine.
ACPT: A Tool for Modeling and Verifying Access Control Policies
TLDR
A tool is developed, called ACPT (Access Control Policy Testing), that helps to model and implement policies correctly during policy modeling, implementation, and verification of access control policies.
Real-Time Access Control Rule Fault Detection Using a Simulated Logic Circuit
TLDR
The real-time fault detecting capability proposed by this research allows a rule fault to be detected and fixed immediately before the next rule is added to the policy/model, thus requiring no later verification and saving a significant amount of fault fixing time.

References

Property Verification for Generic Access Control Models
TLDR
This paper proposes a new general approach for property verification for access control models, providing for both property verification and automated generation of test cases.
Conformance Checking of Access Control Policies Specified in XACML
TLDR
This position paper proposes an approach for conducting conformance checking of access control policies specified in XACML based on existing verification and testing tools for XACML policies.
Assessing Quality of Policy Properties in Verification of Access Control Policies
TLDR
This paper implemented Mutaver, a mutation verification tool for XACML, and applied it to policies and properties from a real-world software system, finding that more properties are needed to augment the existing set of properties to provide higher confidence of the policy correctness.
A modular approach to composing access control policies
TLDR
This work proposes an algebra of security policies together with its formal semantics and illustrates how to formulate complex policies in the algebra and reason about them and illustrates a translation of policy expressions into equivalent logic programs, which provide the basis for the implementation of the language.
Practical safety in flexible access control models
TLDR
By keeping the complexity of constraint expression in check, flexible access control models, such as role-based access control, may also be used for expressing access control policy for safety-critical systems.
Defining and Measuring Policy Coverage in Testing Access Control Policies
TLDR
A coverage-measurement tool to measure policy coverage given a set of XACML policies and a set of requests, and a tool for request reduction, which can substantially reduce the size of generated requests and incur only relatively low loss on fault detection.
A logical language for expressing authorizations
TLDR
This paper proposes a logical language for the specification of authorizations and illustrates the power of the language by showing how different constraints that are sometimes required, but very seldom supported by existing access control systems, can be represented in the language.
A fault model and mutation testing of access control policies
TLDR
A fault model for access control policies and a framework to explore it is presented, which includes mutation operators used to implement the fault model, mutant generation, equivalent-mutant detection, and mutant-killing determination, and a relationship between structural coverage and fault-detection effectiveness is determined.
Automated Test Generation for Access Control Policies via Change-Impact Analysis
  • Evan Martin, Tao Xie
  • Computer Science
    Third International Workshop on Software Engineering for Secure Systems (SESS'07: ICSE Workshops 2007)
  • 2007
TLDR
A novel framework and its supporting tool called Cirg that generates tests based on change-impact analysis, which can effectively generate tests to achieve high structural coverage of policies and outperforms random test generation in terms of structural coverage and fault-detection capability.
Inferring access-control policy properties via machine learning
  • Evan Martin, Tao Xie
  • Computer Science
    Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06)
  • 2006
TLDR
A data-mining approach to the problem of verifying that expressed access-control policies reflect the true desires of the policy author is presented and results show that machine learning algorithms can provide valuable insight into basic policy properties and help identify specific bug-exposing requests.