
On the Decidability of the Safety Problem for Access Control Policies

Published: 01 July 2007

Abstract

An access control system regulates the rights of users to gain access to resources in accordance with a specified policy. The rules in this policy may interact in a way that is not obvious via human inspection; there is, therefore, a need for automated verification techniques that can check whether a policy does indeed implement some desired security requirement. Thirty years ago, a formalisation of access control presented a model and a safety specification for which satisfaction is undecidable. Subsequent research, aimed at finding restricted versions that obtain the decidability of this problem, yielded models without satisfactory expressive power for practical systems. Instead of restricting the model, we reexamine the safety specification. We develop a new logic that can express a wide variety of safety properties over access control systems, and show that model checking is decidable for a useful fragment of this logic.
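The safety question the abstract refers to, as an added illustration that is not code from the paper: in an HRU-style access-matrix model, does some sequence of policy commands place a right into a cell that did not hold it initially? The subjects, object and two commands below are constructed; the leak they produce is only visible from the interaction of both commands, which is the point the abstract makes about human inspection.

```python
from collections import deque

# Constructed protection system: a fixed, finite set of subjects and objects
# (no create/destroy), so exhaustive search over reachable states terminates.
SUBJECTS = ("alice", "bob", "carol")
OBJECTS = ("f1",)

def grant_read(state, s, o, t):
    """Owner s gives subject t the read right on o."""
    return state | {(t, o, "read")} if (s, o, "own") in state else None

def confer_own(state, s, o, t):
    """Owner s promotes a subject t that can already read o to co-owner."""
    if (s, o, "own") in state and (t, o, "read") in state:
        return state | {(t, o, "own")}
    return None

COMMANDS = (grant_read, confer_own)

def successors(state):
    """Every distinct state reachable by one command instance."""
    for cmd in COMMANDS:
        for s in SUBJECTS:
            for o in OBJECTS:
                for t in SUBJECTS:
                    nxt = cmd(state, s, o, t)
                    if nxt is not None and nxt != state:
                        yield cmd.__name__, (s, o, t), nxt

def leaks(initial, subject, obj, right, bound):
    """Shortest trace of at most `bound` commands that puts `right` into the
    cell (subject, obj), or None if none exists within the bound. With
    object/subject creation the same search would only be a bounded,
    incomplete check: the general HRU safety problem is undecidable."""
    start = frozenset(initial)
    if (subject, obj, right) in start:
        return []
    seen = {start}
    queue = deque([(start, [])])
    while queue:
        state, trace = queue.popleft()
        if len(trace) == bound:
            continue
        for name, args, nxt in successors(state):
            if nxt in seen:
                continue
            seen.add(nxt)
            new_trace = trace + [(name, args)]
            if (subject, obj, right) in nxt:
                return new_trace
            queue.append((nxt, new_trace))
    return None

INITIAL = {("alice", "f1", "own")}  # constructed initial access matrix

if __name__ == "__main__":
    print(leaks(INITIAL, "bob", "f1", "own", 4))
```

Neither command alone lets bob own f1, yet grant_read followed by confer_own does; the returned trace is the witness an analyst would want from a verification tool.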


Cited By

  • (2013) Heuristic safety analysis of access control models. Proceedings of the 18th ACM symposium on Access control models and technologies, pp. 137-148. doi:10.1145/2462410.2462413. Online publication date: 12-Jun-2013
  • (2012) On the automated analysis of safety in usage control. Proceedings of the 6th international conference on Network and System Security, pp. 15-28. doi:10.1007/978-3-642-34601-9_2. Online publication date: 21-Nov-2012
  • (2011) Program synthesis in administration of higher-order permissions. Proceedings of the 16th ACM symposium on Access control models and technologies, pp. 41-50. doi:10.1145/1998441.1998449. Online publication date: 15-Jun-2011

Published In

Electronic Notes in Theoretical Computer Science (ENTCS), Volume 185, July 2007, 147 pages.
Publisher: Elsevier Science Publishers B. V., Netherlands.

Author Tags

  1. Access control
  2. CSP
  3. model checking
  4. temporal logic
