Automatic Error Finding in Access-Control Policies

dc.date.accessioned: 2010-05-06T17:30:07Z
dc.date.accessioned: 2018-11-26T22:26:16Z
dc.date.available: 2010-05-06T17:30:07Z
dc.date.available: 2018-11-26T22:26:16Z
dc.date.issued: 2010-05-05
dc.identifier.uri: http://hdl.handle.net/1721.1/54730
dc.identifier.uri: http://repository.aust.edu.ng/xmlui/handle/1721.1/54730
dc.description.abstract: Access-control policies are a key infrastructural technology for computer security. However, a significant problem is that system administrators need to be able to automatically verify whether their policies capture the intended security goals. To address this important problem, researchers have proposed many automated verification techniques. Despite considerable progress in verification techniques, scalability is still a significant issue. Hence, in this paper we propose that error finding complements verification, and is a fruitful way of checking whether or not access control policies implement the security intent of system administrators. Error finding is more scalable (at the cost of completeness), and allows for the use of a wider variety of techniques. In this paper, we describe an abstraction-refinement based technique and its implementation, the Mohawk tool, aimed at finding errors in ARBAC access-control policies. The key insight behind our abstraction-refinement technique is that it is more efficient to look for errors in an abstract policy (with successive refinements, if necessary) than its complete counterpart. Mohawk accepts as input an access-control policy and a safety question. If Mohawk finds an error in the input policy, it terminates with a sequence of actions that cause the error. We provide an extensive comparison of Mohawk with the current state-of-the-art analysis tools. We show that Mohawk scales very well as the size and complexity of the input policies increase, and is orders of magnitude faster than competing tools. The Mohawk tool is open source and available from the Google Code website: http://code.google.com/p/mohawk/ [en_US]
dc.format.extent: 12 p. [en_US]
dc.relation.uri: http://code.google.com/p/mohawk/
dc.rights: Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Unported [en]
dc.rights.uri: http://creativecommons.org/licenses/by-nc-nd/3.0/
dc.subject: access-control policies [en_US]
dc.subject: error finding [en]
dc.subject: bounded model-checking [en]
dc.subject: abstraction refinement [en]
dc.title: Automatic Error Finding in Access-Control Policies [en_US]


Files in this item

File: MIT-CSAIL-TR-2010-022.pdf
Size: 403.8Kb
Format: application/pdf

Except where otherwise noted, this item's license is described as Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Unported