Sciweavers

CCS
2011
ACM

Automatic error finding in access-control policies

13 years 12 days ago
Automatic error finding in access-control policies
Verifying that access-control systems maintain desired security properties is recognized as an important problem in security. Enterprise access-control systems have grown to protect tens of thousands of resources, and there is a need for verification to scale commensurately. We present straction-refinement technique for automatically finding errors in Administrative Role-Based Access Control (ARBAC) security policies. ARBAC is the first and most comprehensive administrative scheme for Role-Based Access Control (RBAC) systems. Underlying our approach is a change in mindset: we propose that error finding complements verification, can be more scalable, and allows for the use of a wider variety of techniques. In our approach, we use an abstraction-refinement technique to first identify and discard roles that are unlikely to be relevant to the verification question (the abstraction step), and then restore such abstracted roles incrementally (the refinement steps). Errors sided: i...
Karthick Jayaraman, Vijay Ganesh, Mahesh V. Tripun
Added 13 Dec 2011
Updated 13 Dec 2011
Type Journal
Year 2011
Where CCS
Authors Karthick Jayaraman, Vijay Ganesh, Mahesh V. Tripunitara, Martin C. Rinard, Steve J. Chapin
Comments (0)