Sciweavers

ISSTA
2006
ACM

Role-Based access control consistency validation

14 years 5 months ago
Role-Based access control consistency validation
Modern enterprise systems support Role-Based Access Control (RBAC). Although RBAC allows restricting access to privileged operations, a deployer may actually intend to restrict access to privileged data. This paper presents a theoretical foundation for correlating an operation-based RBAC policy with a data-based RBAC policy. Relying on a locationconsistency property, this paper shows how to infer whether an operation-based RBAC policy is equivalent to any databased RBAC policy. We have built a static analysis tool for Java Platform, Enterprise Edition (Java EE) called Static Analysis for Validation of Enterprise Security (SAVES). Relying on interprocedural pointer analysis and dataflow analysis, SAVES analyzes Java EE bytecode to determine if the associated RBAC policy is location consistent, and reports potential security flaws where location consistency does not hold. The experimental results obtained by using SAVES on a number of production-level Java EE codes have identified se...
Paolina Centonze, Gleb Naumovich, Stephen J. Fink,
Added 14 Jun 2010
Updated 14 Jun 2010
Type Conference
Year 2006
Where ISSTA
Authors Paolina Centonze, Gleb Naumovich, Stephen J. Fink, Marco Pistoia
Comments (0)