Analysis of Rewrite-Based Access Control Policies - Archive ouverte HAL Access content directly
Conference Papers Year : 2008

Analysis of Rewrite-Based Access Control Policies

(1) , (1, 2) , (1, 2)
1
2

Abstract

The rewrite-based approach provides executable specifications for security policies, which can be independently designed, verified, and then anchored on programs using a modular discipline. In this paper, we describe how to perform queries over these rule-based policies in order to increase the trust of the policy author on the correct behavior of the policy. The analysis we provide is founded on the strategic narrowing process, which provides both the necessary abstraction for simulating executions of the policy over access requests and the mechanism for solving {\it what-if} queries from the security administrator. We illustrate this general approach by the analysis of a firewall system policy.
Not file

Dates and versions

inria-00335088 , version 1 (28-10-2008)

Identifiers

  • HAL Id : inria-00335088 , version 1

Cite

Anderson Santana de Oliveira, Claude Kirchner, Hélène Kirchner. Analysis of Rewrite-Based Access Control Policies. 3rd International Workshop on Security and Rewriting Techniques, Jun 2008, Pittsburgh, United States. ⟨inria-00335088⟩
94 View
0 Download

Share

Gmail Facebook Twitter LinkedIn More