Analysis of Rewrite-Based Access Control Policies

Claude Kirchner 1, 2 Helene Kirchner 1, 2 Anderson Santana de Oliveira
2 PAREO - Formal islands: foundations and applications
INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract : The rewrite-based approach provides executable specifications for security policies, which can be independently designed, verified, and then anchored on programs using a modular discipline. In this paper, we describe how to perform queries over these rule-based policies in order to increase the trust of the policy author on the correct behavior of the policy. The analysis we provide is founded on the strategic narrowing process, which provides both the necessary abstraction for simulating executions of the policy over access requests and the mechanism for solving 'what-if' queries from the security administrator. We illustrate this general approach by the analysis of a firewall system policy.
Type de document :
Article dans une revue
Electronic Notes in Theoretical Computer Science, Elsevier, 2009, Proceedings of the Third International Workshop on Security and Rewriting Techniques (SecReT 2008), Pittsburgh, PA, USA, 22 June 2008, 234, pp.55-75. 〈10.1016/j.entcs.2009.02.072〉
Liste complète des métadonnées

https://hal.inria.fr/inria-00433409
Contributeur : Helene Kirchner <>
Soumis le : jeudi 19 novembre 2009 - 11:33:37
Dernière modification le : jeudi 11 janvier 2018 - 06:22:10

Lien texte intégral

Identifiants

Collections

Citation

Claude Kirchner, Helene Kirchner, Anderson Santana de Oliveira. Analysis of Rewrite-Based Access Control Policies. Electronic Notes in Theoretical Computer Science, Elsevier, 2009, Proceedings of the Third International Workshop on Security and Rewriting Techniques (SecReT 2008), Pittsburgh, PA, USA, 22 June 2008, 234, pp.55-75. 〈10.1016/j.entcs.2009.02.072〉. 〈inria-00433409〉

Partager

Métriques

Consultations de la notice

395