Verification and change-impact analysis of access-control policies

Proceedings - 27th International Conference on Software Engineering, ICSE05

Volumn , Issue , 2005, Pages 196-205

  Fisler, Kathi ^a   Krishnamurthi, Shriram ^b   Meyerovich, Leo A ^b   Tschantz, Michael Carl ^b  

^a WPI   (United States)

^b BROWN UNIVERSITY   (United States)

Author keywords

Access control policies; Change impact analysis; Decision diagram; Verification; XACML

Indexed keywords

COMPUTER PROGRAMMING LANGUAGES; COMPUTER SOFTWARE; DECISION MAKING; QUERY LANGUAGES;

ACCESS-CONTROL POLICIES; CHANGE-IMPACT ANALYSIS; DECISION DIAGRAM; VERIFICATION; XACML;

SYSTEMS ANALYSIS;

EID: 85088054290     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1062455.1062502     Document Type: Conference Paper

References (31)

1. T. Ahmed and A. R. Tripathi. Static verification of security requirements in role based CSCW systems. In Symposium on Access Control Models and Technologies, pages 196-203, 2003.
2. A. Anderson. Evaluating XACML as a policy language. Technical report, OASIS, Mar. 2003. Document identifier: wd-xacml-wspleval-03.
3. M. Backes, G. Karjoth, W. Bagga, and M. Schunter. Efficient comparison of enterprise privacy policies. In Symposium on Applied Computing, pages 375-382, 2004.
4. R. Bahar, E. Frohm, C. M. Gaona, G. D. Hachtel, E. Macii, A. Pardo, and F. Somenzi. Algebraic decision diagrams and their applications. In International Conference on Computer-Aided Design, pages 188-191, 1993.
5. R. E. Bryant. Graph based algorithms for boolean function manipulation. IEEE Transactions on Computers, C35(8):677-691, 1986.
6. D. D. Clark and D. R. Wilson. A comparison of commercial and military computer security policies. In IEEE Symposium of Security and Privacy, pages 184-194, 1987.
7. E. Clarke, M. Fujita, P. McGeer, J. Yang, and X. Zhao. Multi-terminal binary decision diagrams: An efficient data structure for matrix representation. In International Workshop on Logic Synthesis, 1993.
8. D. F. Ferraiolo, D. R. Kuhn, and R. Chandramouli. Role-Based Access Control. Artech House, 2003.
9. R. B. Findler, J. Clements, C. Flanagan, M. Flatt, S. Krishnamurthi, P. Steckler, and M. Felleisen. DrScheme: A programming environment for Scheme. Journal of Functional Programming, 12(2):159-182, 2002.
10. D. P. Guelev, M. D. Ryan, and P.-Y. Schobbens. Model-checking access control policies. In Information Security Conference, Lecture Notes in Computer Science. Springer-Verlag, Sept. 2004.
11. J. D. Guttman and A. L. Herzog. Rigorous automated network security management. International Journal of Information Security, Dec. 2004.
12. J. D. Guttman, A. L. Herzog, and J. D. Ramsdell. Verifying information flow goals in security-enhanced Linux. In Workshop on Issues in the Theory of Security, January 2004.
13. P. W. Hopkins. Enabling complex UI in Web applications with send/suspend/dispatch. In Scheme Workshop, 2003.
14. S. Horwitz. Identifying the semantic and textual differences between two versions of a program. In ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 234-245, 1990.
15. G. Hughes and T. Bultan. Automated verification of access control policies. Technical Report 2004-22, University of California, Santa Barbara, 2004.
16. D. Jackson. Automating first-order relational logic. In ACM SIGSOFT International Symposium on the Foundations of Software Engineering, Nov. 2000.
17. D. Jackson, S. Jha, and C. A. Damon. Isomorph-free model enumeration: A new method for checking relational specifications. ACM Transactions on Programming Languages and Systems, 20(2):302-343, Mar. 1998.
18. T. Jaeger, X. Zhang, and F. Cacheda. Policy management using access control spaces. ACM Transactions on Information and System Security, 6(3):327-364, 2003.
19. 5 report on the algorithmic language Scheme. ACM SIGPLAN Notices, 33(9), Oct. 1998.
20. M. Koch, L. V. Mancini, and F. Parisi-Presicce. On the specification and evolution of access control policies. In Symposium on Access Control Models and Technologies, pages 121-130, 2001.
21. G. Kolaczek. Specification and verification of constraints in role based access control for enterprise security system. In International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, pages 190-195, 2003.
22. S. Krishnamurthi. The CONTINUE server. In Symposium on the Practical Aspects of Declarative Languages, January 2003.
23. F. Mayer. Tools and techniques for analyzing type enforcement policies in security enhanced Linux. In Annual Computer Security Applications Conference, Dec. 2003.
24. T. Moses, extensible Access Control Markup Language (XACML) version 1.0. Technical report, OASIS, Feb. 2003.
25. C. Powers and M. Schunter. Enterprise privacy authorization language (EPAL 1.2). W3C Member Submission, November 2003.
26. A. Sabelfeld and A. C. Myers. Language-based information-flow security. IEEE Journal on Selected Areas in Communications, 21(1):5-19, January 2003.
27. B. Sarna-Starosta and S. D. Stoller. Policy analysis for security-enhanced Linux. In Workshop on Issues in the Theory of Security, pages 1-12, April 2004.
28. A. Schaad, J. Moffett, and J. Jacob. The role-based access control system of a European bank: a case study and discussion. In Symposium on Access Control Models and Technologies, pages 3-9, 2001.
29. A. Schaad and J. D. Moffett. A lightweight approach to specification and analysis of role-based access control extensions. In Symposium on Access Control Models and Technologies, pages 13-22, 2002.
30. F. Somenzi. CUDD: The CU decision diagram package, http://vlsi.Colorado. edu/~fabio/CUDD/.
31. N. Zhang, M. Ryan, and D. P. Guelev. Synthesising verified access control systems in XACML. In ACM Workshop on Formal Methods in Security Engineering, 2004.