Model checking for verification of mandatory access control models and properties

International Journal of Software Engineering and Knowledge Engineering

Volumn 21, Issue 1, 2011, Pages 103-127

  Hu, Vincent C ^a   Kuhn, D Richard ^a   Xie, Tao ^b   Hwang, Jeehyun ^b  

^a NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY   (United States)

^b North Carolina State University   (United States)

Author keywords

Access control; model; policy; testing

Indexed keywords

AUTOMATED GENERATION; CONTROL PROPERTIES; COVERING ARRAYS; GENERAL APPROACH; MAC MODELS; MANDATORY ACCESS CONTROL; MODEL CHECKER; PROPERTY VERIFICATION; SECURITY PROPERTIES; SYSTEM IMPLEMENTATION; TEST CASE; WIDE GAP;

MODEL CHECKING; SECURITY SYSTEMS; SPECIFICATION LANGUAGES; SPECIFICATIONS;

ACCESS CONTROL;

EID: 79960042343     PISSN: 02181940     EISSN: None     Source Type: Journal    
DOI: 10.1142/S021819401100513X     Document Type: Conference Paper

References (37)

1. C. P. Pfleeger, Security in Computing, 2nd edn. (Prentice Hall PTR, 1997).
2. D. Ferraiolo, D. Kuhn and R. Chandramouli, Role-Based Access Control, Artech House, Computer Security Series, 2003.
3. V. Hu, D. Frincke and D. Ferraiolo, The policy machine for security policy management, in Proc. ICCS Conference, San Francisco, May 2001.
4. P. Bonatti, S. Vimercati and P. Samarati, A modular approach to composing access control policies, in Proc. ACM Conference on Computer and Communication Security, Athens, Greece, November 2000.
5. S. Jajodia, P. Samarati and V. S. Subrahmanian, A logical language for expressing authorizations, in Proc. 1997 IEEE Symposium on Security and Privacy (1997), pp. 31-42.
6. M. Kudo and S. Hada, XML document security based on provisional authorization, in Proc. ACM Conference on Computer and Communication Security, Athens, Greece, November 2000.
7. E. C. Lupu and M. Sloman, Conflict in policy-based distributed systems management, IEEE Trans Software Engineering 25(6) (1999) 852-869. (Pubitemid 30583219)
8. E. Martin, T. Xie and V. C. Hu, Assessing quality of policy properties in verification of access control policies, North Carolina State University Department of Computer Science Technical report TR-2007-25, September 16, 2007.
9. D. R. Kuhn, R. Kacker and Y. Lei, 22 CROSSTALK, The Journal of Defense Software Engineering, June 2008.
10. V. C. Hu, R. D. Kuhn and T. Xie, Property Verification for Generic Access Control Models, in Proc. 2008 IEEE/IFIP International Symposium on Trust, Security and Privacy for Pervasive Application (TSP2008), Shanghai, China, December 17-20, 2008.
11. D. E. Bell and L. J. LaPadula, Secure Computer Systems: Mathematical Foundations (MITRE Corporation, 1973).
12. D. Ferraiolo and R. Kuhn, Role based access control, in Proc. 15th NIST-NCSC National Computer Security Conference, 1992, pp. 554-563.
13. National Computer Security Center, Integrity in Automated information System, Technical Report 79-91, Library No. S237,254, September 1991.
14. D. F. C. Brewer and M. J. Nash, The Chinese wall security policy, in Proc. IEEE Symposium on Security and Privacy (1989), pp. 206-214.
15. Workflow Management Coalition, Workflow Management Coalition Terminology & Glossary, documentation number WFMC-TC-1011, February 1999. http://www. wfmc.org/.
16. M. Ben-Ari, Z. Manna and A. Pnueli, The temporal logic of branching time, Acta Informatica 20 (1983).
17. E. M. Clarke, E. A. Emerson and A. P. Sistla, Automatic verification of finite-state concurrent systems using temporal-logic specifications, ACM Trans. Program ming Languages and Systems 8(2) (1986).
18. A. Pnueli, A temporal logic for concurrent programs, T heoretical Computer Science 13 (1980).
19. S. Kikuchi, S. Tsuchiya, M. Adachi and T. Katsuyama, Policy verification and validation framework based on model checking approach, in Proc. International Conference on Autonomic Computing (2007), pp. 1-9.
20. T. Jaeger and E. T. Jonathon, Practical safety in flexible access control model, ACM Transitions on Information and System Security 4(2) (2001) 158-190.
21. E. Martin and T. Xie, A fault model and mutation testing of access control policies, in Proc. 16th International Conference on World Wide Web, Banff, Alberta, Canada (2007), pp. 667-676. (Pubitemid 47582296)
22. D. R. Kuhn and V. Okun, Pseudo-exhaustive testing for software, in Proc. 30th NASA/IEEE Software Engineering Workshop (2006) April 25-27.
23. Y. Lei et al., Efficient test generation for multi-way combinatorial testing, Software Testing, Verification, and Reliability, Wiley InterScience, October 2007.
24. http://csrc/nist/gov/acts.
25. NuSMV: NuSMV 2.2 Tutorial, a new symbolic model checker, http://nusmv. irst.itc.it/.
26. R. Sandhu, V. Bhamidipati and Q. Munawer, The ARBAC97 model for role-based administration of roles, ACM Transactions on Information and Systems Security 2(1) (1999) 105-135.
27. N. Zhang, M. D. Ryan and D. Guelev, Evaluating access control policies through model checking, in Proc. Information Security Conference (2005), pp. 446-460.
28. A. Schaad, V. Lotz and K. Sohr, A model-checking approach to analysing organisational controls in a loan origination process, in Proc. ACM Symposium on Access Control Models and Technologies (2006), pp. 139-149. (Pubitemid 44300751)
29. V. C. Hu, E. Martin, J. Hwang and T. Xie, Conformance checking of access control policies specified in XACML, in Proc. 1st IEEE International Workshop on Security in Software Engineering (IWSSE 2007), Beijing, China (July 2007) 275-280.
30. E. Martin and T. Xie, A fault model and mutation testing of access control policies, in Proc. 11th International Conference on World Wide Web (WWW 2007), Security, Privacy, Reliability, and Ethics Track, Banff, Alberta, Canada (May 2007), pp. 667-676. (Pubitemid 47582296)
31. E. Martin and T. Xie, Automated test generation for access control policies via change-impact analysis, in Proc. 3rd International Workshop on Software Engineering for Secure Systems (SESS 2007), Minneapolis, MN (May 2007), pp. 5-11.
32. E. Martin, T. Xie and T. Yu, Defining and measuring policy coverage in testing access control policies, in Proc. 8th International Conference on Information and Communications Security (ICICS 2006), Raleigh, NC (December 2006) pp. 139-158.
33. E. Martin and T. Xie, Automated test generation for access control policies, in Supplemental Proc. 17th IEEE International Conference on Software Reliability Engineering (ISSRE 2006), Fast Abstracts, Raleigh, NC (November 2006).
34. E. Martin and T. Xie, Inferring access-control policy properties via machine learning, in Proc. 7th IEEE Workshop on Policies for Distributed Systems and Networks (POLICY 2006), London, Ontario Canada (June 2006), pp. 235-238. (Pubitemid 44888908)
35. E. Martin, T. Xie and V. C. Hu, Assessing quality of policy properties in verification of access control policies, North Carolina State University Department of Computer Science Technical report TR-2007-25 (September 16), 2007
36. IBM Policy Manager V7.0: http://www.redbooks.ibm.com/redpapers/pdfs/ redp4512. pdf.
37. Cisco Policy Manager: http://www.cisco.com/en/US/products/ps9530/index. html.