automated analysis of access control policies
play

Automated Analysis of Access Control Policies Alessandro Armando - PowerPoint PPT Presentation

Aug 08, 2023 •100 likes •879 views

Automated Analysis of Access Control Policies Alessandro Armando joint work with Silvio Ranise Artificial Intelligence Laboratory (AI-Lab) Security & Trust Research Unit DIST, University of Genova FBK-IRST Genova Trento A. Armando (U.

  1. Automated Analysis of Access Control Policies Alessandro Armando joint work with Silvio Ranise Artificial Intelligence Laboratory (AI-Lab) Security & Trust Research Unit DIST, University of Genova FBK-IRST Genova Trento A. Armando (U. of Genova & FBK-IRST) Automated Analysis of Access Control VTSA11, Sept. 23, 2011 1 / 52

  2. Access Control The process of mediating requests to resources maintained by a system and determining whether a request should be granted or denied Crucial role in system security Usually separation between policies specified by a language with an underlying model mechanisms enforcing policies Separation implies protection requirements are independent of their implementation security policies can be analyzed abstractly A. Armando (U. of Genova & FBK-IRST) Automated Analysis of Access Control VTSA11, Sept. 23, 2011 2 / 52

  3. Role-based Access Control User Permission Alice GrantTenure Alice AssignGrades Alice ReceiveHBenefits Alice UseGym Bob GrantTenure Bob AssignGrades Bob UseGym Charlie GrantTenure Charlie AssignGrades Charlie UseGym David AssignHWScores David Register4Courses David UseGym Eve ReceiveHBenefits Eve UseGym Fred Register4Courses Fred UseGym Greg UseGym A. Armando (U. of Genova & FBK-IRST) Automated Analysis of Access Control VTSA11, Sept. 23, 2011 3 / 52

  4. Role-based Access Control Permission Assignment (PA) Role Permission PCMember GrantTenure PCMember AssignGrades User Assignment (UA) PCMember ReceiveHBenefits User Role PCMember UseGym Alice PCMember Faculty AssignGrades Bob Faculty Faculty ReceiveHBenefits Charlie Faculty Faculty UseGym David TA TA AssignHWScores David Student TA Register4Courses Eve UEmployee TA UseGym Fred Student UEmployee ReceiveHBenefits Greg UMember UEmployee UseGym Student Register4Courses Student UseGym UMember UseGym A. Armando (U. of Genova & FBK-IRST) Automated Analysis of Access Control VTSA11, Sept. 23, 2011 3 / 52

  5. Role-based Access Control Permission Assignment (PA) Role Permission PCMember GrantTenure Faculty AssignGrades TA AssignHWScores User Assignment (UA) UEmployee ReceiveHBenefits User Role Student Register4Courses Alice PCMember UMember UseGym Bob Faculty Charlie Faculty David TA PCMember David Student Eve UEmployee PTEmployee FTEmployee Faculty TA Fred Student Greg UMember UEmployee Student Role Hierarchy ( � ) UMember A. Armando (U. of Genova & FBK-IRST) Automated Analysis of Access Control VTSA11, Sept. 23, 2011 3 / 52

  6. Administrative RBAC Changes to RBAC policies subject to administrative policy. Several administrative models for RBAC: ARBAC97, SARBAC, Oracle DBMS, UARBAC, ... Key issue: definition of administrative domains, e.g. ARBAC: admin. domain = role-based UARBAC: admin. domain = attribute-based A. Armando (U. of Genova & FBK-IRST) Automated Analysis of Access Control VTSA11, Sept. 23, 2011 4 / 52

  7. ARBAC97: URA97 sub-model In URA97, administrative actions can only User Role modify the User Assignment (UA) relation. Alice PCMember Bob Faculty Charlie Faculty can_assign: David TA UEmployee : { Student , TA } = ⇒ + PTEmployee David Student Eve UEmployee can_revoke: Fred Student UEmployee : { Student } = ⇒ − Student Greg UMember Static Mutually Exclusive Roles (SMER): SMER ( TA , PTEmployee ) A. Armando (U. of Genova & FBK-IRST) Automated Analysis of Access Control VTSA11, Sept. 23, 2011 5 / 52

  8. ARBAC97: URA97 sub-model In URA97, administrative actions can only User Role modify the User Assignment (UA) relation. Alice PCMember Bob Faculty Charlie Faculty can_assign: David TA UEmployee : { Student , TA } = ⇒ + PTEmployee David Student Eve UEmployee can_revoke: Fred Student UEmployee : { Student } = ⇒ − Student Greg UMember Static Mutually Exclusive Roles (SMER): SMER ( TA , PTEmployee ) A. Armando (U. of Genova & FBK-IRST) Automated Analysis of Access Control VTSA11, Sept. 23, 2011 5 / 52

  9. ARBAC97: URA97 sub-model In URA97, administrative actions can only User Role modify the User Assignment (UA) relation. Alice PCMember Bob Faculty Charlie Faculty can_assign: David TA UEmployee : { Student , TA } = ⇒ + PTEmployee David Student Eve UEmployee Fred Student can_revoke: Fred PTEmployee UEmployee : { Student } = ⇒ − Student Greg UMember Static Mutually Exclusive Roles (SMER): SMER ( TA , PTEmployee ) A. Armando (U. of Genova & FBK-IRST) Automated Analysis of Access Control VTSA11, Sept. 23, 2011 5 / 52

  10. ARBAC97: URA97 sub-model In URA97, administrative actions can only User Role modify the User Assignment (UA) relation. Alice PCMember Bob Faculty Charlie Faculty can_assign: David TA UEmployee : { Student , TA } = ⇒ + PTEmployee David Student Eve UEmployee Fred Student can_revoke: Fred PTEmployee UEmployee : { Student } = ⇒ − Student Greg UMember Static Mutually Exclusive Roles (SMER): SMER ( TA , PTEmployee ) A. Armando (U. of Genova & FBK-IRST) Automated Analysis of Access Control VTSA11, Sept. 23, 2011 5 / 52

  11. ARBAC97: URA97 sub-model In URA97, administrative actions can only User Role modify the User Assignment (UA) relation. Alice PCMember Bob Faculty Charlie Faculty can_assign: David TA UEmployee : { Student , TA } = ⇒ + PTEmployee David Student Eve UEmployee Fred Student can_revoke: Fred PTEmployee UEmployee : { Student } = ⇒ − Student Greg UMember Static Mutually Exclusive Roles (SMER): SMER ( TA , PTEmployee ) A. Armando (U. of Genova & FBK-IRST) Automated Analysis of Access Control VTSA11, Sept. 23, 2011 5 / 52

  12. ARBAC97: URA97 sub-model In URA97, administrative actions can only User Role modify the User Assignment (UA) relation. Alice PCMember Bob Faculty Charlie Faculty can_assign: David TA UEmployee : { Student , TA } = ⇒ + PTEmployee David Student Eve UEmployee can_revoke: Fred PTEmployee UEmployee : { Student } = ⇒ − Student Greg UMember Static Mutually Exclusive Roles (SMER): SMER ( TA , PTEmployee ) A. Armando (U. of Genova & FBK-IRST) Automated Analysis of Access Control VTSA11, Sept. 23, 2011 5 / 52

  13. Administering Access Control Policies (A)RBAC model simplifies specification and administration of access control policies. Yet, in large systems (e.g., Dresdner bank: 40,000 users and 1,400 permissions), administration of RBAC policies can be very difficult. Question: Starting fron an initial RBAC policy and using the administrative actions in the ARBAC policy, is there a way to grant Alice access to salaries.xls ? To predict the effects of changes on policies of real-world complexity by manual inspection is unfeasible: automated support needed! A. Armando (U. of Genova & FBK-IRST) Automated Analysis of Access Control VTSA11, Sept. 23, 2011 6 / 52

  14. URA97: security analysis problems Let ψ be an administrative policy. (Bounded) user-role reachability problem: Given (an integer 1 k ≥ 0, resp.) an initial RBAC policy, and a role r , does there exist a sequence of administrative actions in ψ (of length k , resp) assigning a user u to role r ? Role containment: Given an initial RBAC policy and two roles r 1 2 and r 2 , does every member of role r 1 also belong to role r 2 in all reachable policies by applying finite sequences of administrative actions in ψ ? Weakest precondition: Given a user u and a role r , compute the 3 minimal set of RBAC policies from which a sequence of administrative actions in ψ can make u a member of role r . Inductive policy invariant: Check if a property remain unaffected 4 under any (finite) sequence of administrative actions in ψ . A. Armando (U. of Genova & FBK-IRST) Automated Analysis of Access Control VTSA11, Sept. 23, 2011 7 / 52

  15. Symbolic Reachability Analysis of ARBAC Policies 1 A. Armando and S. Ranise. Automated Symbolic Analysis of ARBAC Policies . In Proc. of 6th Intl. Workshop on Security and Trust Management (STM’10), Athens, September 23-24, 2010. 2 F. Alberti, A. Armando, and S. Ranise. Efficient Symbolic Automated Analysis of Administrative Attribute-based RBAC-Policies . In Proc. of 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2011), Hong Kong, March 22-24, 2011. 3 A. Armando and S. Ranise. Automated Analysis of Infinite State Workflows with Access Control Policies . In the Proceedings of the 7th International Workshop on Security and Trust Management (STM’11), Copenhagen (Denmark), July 27-28, 2011. 4 F. Alberti, A. Armando, and S. Ranise. ASASP: Automated Symbolic Analysis of Administrative Policies . In Proc. of 23rd Intl. Conf. on Automated Deduction (CADE-23), Wroclaw (Poland), Jul 31-Aug 5, 2011. 5 A. Armando and S. Ranise. Automated Analysis of Infinite State Workflows with Access Control Policies. In the Proceedings of the 7th International Workshop on Security and Trust Management, Copenhagen (Denmark), July 27-28, 2011. A. Armando (U. of Genova & FBK-IRST) Automated Analysis of Access Control VTSA11, Sept. 23, 2011 8 / 52

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

An Automated Model-based Test Oracle for Access Control Systems Antonia Bertolino 1 , Said

An Automated Model-based Test Oracle for Access Control Systems Antonia Bertolino 1 , Said

An Automated Model-based Test Oracle for Access Control Systems Antonia Bertolino 1 , Said Daoudagh 1,2 , Francesca Lonetti 1 , Eda Marchetti 1 1 ISTI-CNR 2 University of Pisa Agenda Introduction Access Control Systems XACML policies

459 views • 31 slides
Parameterized Verification goes Safety Analysis of Access Control Policies Silvio Ranise ,

Parameterized Verification goes Safety Analysis of Access Control Policies Silvio Ranise ,

Parameterized Verification goes Safety Analysis of Access Control Policies Silvio Ranise , Riccardo Traverso, Anh Truong FBK-Irst, Trento, Italy Metodi dichiarativi nella verifica di sistemi parametrici Milano, 25-26 Settembre, 2014 Ranise

577 views • 40 slides
Rigorous Analysis of UML Access Control Policy Models Wuliang Sun , Robert France and Indrakshi

Rigorous Analysis of UML Access Control Policy Models Wuliang Sun , Robert France and Indrakshi

Rigorous Analysis of UML Access Control Policy Models Wuliang Sun , Robert France and Indrakshi Ray Computer Science Department Colorado State University Fort Collins, Colorado Security Policies Security policies Expressed by different

834 views • 46 slides
Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions Protection objects : system resources for which protection is

576 views • 21 slides
Rewrite Specifications of Access Control Policies in Distributed Environments C. Bertolissi and

Rewrite Specifications of Access Control Policies in Distributed Environments C. Bertolissi and

Rewrite Specifications of Access Control Policies in Distributed Environments C. Bertolissi and M. Fernndez LIF , Marseille & Kings College London WTS2010, Nancy C. Bertolissi, M. Fernndez () Term rewriting for Access Control

1.04k views • 28 slides
Static enforceability of XPath-based access control policies James Cheney University of

Static enforceability of XPath-based access control policies James Cheney University of

Static enforceability of XPath-based access control policies James Cheney University of Edinburgh DBPL 2013 August 30, 2013 Background Access control for XML databases Read-only security views [Stoica & Farkas 2002, Fan

431 views • 29 slides
Cassandra: Distributed Access Control Policies with Tunable Expressiveness Moritz Y. Becker and

Cassandra: Distributed Access Control Policies with Tunable Expressiveness Moritz Y. Becker and

Cassandra: Distributed Access Control Policies with Tunable Expressiveness Moritz Y. Becker and Peter Sewell Computer Laboratory, University of Cambridge, U.K. Cassandra: Distributed Access Control Policies with Tunable Expressiveness p.

1.44k views • 20 slides
Meta-policies for Distributed Role-based Access Control Andrs Belokosztolszki, Ken Moody

Meta-policies for Distributed Role-based Access Control Andrs Belokosztolszki, Ken Moody

Meta-policies for Distributed Role-based Access Control Andrs Belokosztolszki, Ken Moody {ab374,km}@cl.cam.ac.uk University of Cambridge, Computer Laboratory, OPERA Policy 2002 1 Outline Role-Based Access Control OASIS

480 views • 14 slides
Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of Access Control Discretionary acces control Mandatory access control Real systems: Unix Access Control Model Access control Access

817 views • 47 slides
UNIVERSIT DE SHERBROOKE Introduction SGAC Formalization Automated verification Conclusion

UNIVERSIT DE SHERBROOKE Introduction SGAC Formalization Automated verification Conclusion

Validating SGAC Access Control Policies with Alloy and ProB Nghi Huynh, Marc Frappier, Amel Mammar and R egine Laleau FA 2018, April 30th UNIVERSIT DE SHERBROOKE Introduction SGAC Formalization Automated verification Conclusion

438 views • 23 slides
Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control? How Is Access Determined? Who Determines Access? Forms of Access Control SELinux Booleans iptables File Access Control Lists Apache Access Control

711 views • 36 slides
Management of Exceptions in Access Control Policies J. G. Alfaro, F. Cuppens, N. Cuppens ENST

Management of Exceptions in Access Control Policies J. G. Alfaro, F. Cuppens, N. Cuppens ENST

Management of Exceptions in Access Control Policies J. G. Alfaro, F. Cuppens, N. Cuppens ENST Bretagne, Rennes RSM/SERES Outline - 2 - Problem domain Main strategies Use of full expressiveness Conclusions and Perspectives

562 views • 28 slides
Evaluating access control policies through model-checking IFIP 1.3, Sept. 05 Information Security

Evaluating access control policies through model-checking IFIP 1.3, Sept. 05 Information Security

Evaluating access control policies through model-checking IFIP 1.3, Sept. 05 Information Security Conf , Sept. 05 Mark Ryan Dimitar Guelev Nan Zhang School of Computer Science, University of Birmingham Section of Logic, Institute of

478 views • 21 slides
1 General Access Control General Access Control Control of access to memory relatively easy:

1 General Access Control General Access Control Control of access to memory relatively easy:

Role of Access Control Before closing back doors we need to close front doors Access control: determines access to files & processes in OS Fall 2008 We will return to these themes throughout the course Fall 2008 CS

512 views • 6 slides
CS419 Spring 2010 Computer Security Access Control: Policies and Mechanisms Vinod Ganapathy

CS419 Spring 2010 Computer Security Access Control: Policies and Mechanisms Vinod Ganapathy

CS419 Spring 2010 Computer Security Access Control: Policies and Mechanisms Vinod Ganapathy Lectures 9 and 10 Access Control The prevention of unauthorized use of a resource, including the prevention of use of a resource in an

1.17k views • 90 slides
A Semi-Automated Methodology for extracting access control rules from the EU- DPD Dr. Kaniz

A Semi-Automated Methodology for extracting access control rules from the EU- DPD Dr. Kaniz

A Semi-Automated Methodology for extracting access control rules from the EU- DPD Dr. Kaniz Fatema Research Fellow ADAPT Centre Trinity College Dublin, Ireland E: Kaniz.Fatema@scss.tcd.ie IWPE 16, San Jose, CA. The ADAPT Centre is funded

531 views • 28 slides
IRODS Security Wayne Schroeder Data Intensive Cyber Environments Team (DICE) Institute for

IRODS Security Wayne Schroeder Data Intensive Cyber Environments Team (DICE) Institute for

IRODS Security Wayne Schroeder Data Intensive Cyber Environments Team (DICE) Institute for Neural Computation (INC), University of California San Diego irods.org, dice.unc.edu, diceresearch.org Outline General Comments What Guarding

210 views • 10 slides
Differentiated access control Differentiated access control to graph data to graph data

Differentiated access control Differentiated access control to graph data to graph data

Differentiated access control Differentiated access control to graph data to graph data Application to TinkerPop-compatible Application to TinkerPop-compatible graph databases graph databases Marc de Lignie Marc de Lignie Image courtesy:

596 views • 15 slides
A UTH S COPE : Towards Automatic Discovery of Vulnerable Authorizations in Online Services

A UTH S COPE : Towards Automatic Discovery of Vulnerable Authorizations in Online Services

Introduction Overview Detailed Design Evaluation Related Work Conclusion References A UTH S COPE : Towards Automatic Discovery of Vulnerable Authorizations in Online Services Chaoshun Zuo, Qingchuan Zhao , Zhiqiang Lin University of Texas at

1.4k views • 103 slides
Pros and cons for using LDAP as backend for an RBAC system 3 rd LDAPCon, Heidelberg,

Pros and cons for using LDAP as backend for an RBAC system 3 rd LDAPCon, Heidelberg,

Pros and cons for using LDAP as backend for an RBAC system 3 rd LDAPCon, Heidelberg, 10.-11.10.2011 Peter Gietz, Markus Widmer, DAASI International GmbH Peter.gietz@daasi.de Markus.widmer@daasi.de 1 (c) October 2011 DAASI

815 views • 52 slides
CS 683 - Security and Privacy Fall 2019 Instructor: Karim Eldefrawy University of San Francisco

CS 683 - Security and Privacy Fall 2019 Instructor: Karim Eldefrawy University of San Francisco

CS 683 - Security and Privacy Fall 2019 Instructor: Karim Eldefrawy University of San Francisco http://www.cs.usfca.edu/~keldefrawy/teaching /fall2019/cs683/cs683_main.htm 1 Le Lecture 14 14 Access Control 2 Recall: Secu curity Service

943 views • 33 slides
Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1 Fall 2015 Outline Basic concepts in computer security Design principles for security Important security tools for operating systems

1.15k views • 64 slides
Access Control Enforcement Access Control Enforcement for Conversation- -based based for

Access Control Enforcement Access Control Enforcement for Conversation- -based based for

The Cyber Center The Cyber Center Access Control Enforcement Access Control Enforcement for Conversation- -based based for Conversation Web Services Web Services Massimo Mecella * Mourad Ouzzani Univ. Roma LA SAPIENZA, Italy Purdue

375 views • 26 slides
Constraints in Role-Based Access Control Jason Crampton Information Security Group, Royal

Constraints in Role-Based Access Control Jason Crampton Information Security Group, Royal

Constraints in Role-Based Access Control Jason Crampton Information Security Group, Royal Holloway University of London jason.crampton@rhul.ac.uk www.isg.rhul.ac.uk/~jason Outline Introduction Separation of duty Role-based

482 views • 14 slides

More recommend