Open Access
X-Policy: Knowledge-based Verification Tool for Dynamic Access Control Policies
Hasan N. Qunoo,Mark Ryan +1 more
Reads0
Chats0
TLDR
X-policy, a knowledge-based verification tool that can analyse the system's vulnerabilities where the attackers can act as a coalition of users, use the system, share knowledge and collaborate with each other to achieve the attack is presented.Abstract:
Verifying the correctness of large, complex and dynamic access control policies by hand is insufficient and error-prone. We present X-policy, a knowledge-based verification tool that can analyse the system's vulnerabilities where the attackers can act as a coalition of users, use the system, share knowledge and collaborate with each other to achieve the attack. We present a policy language that is able to express dynamic access control policies and a corresponding query language. We model the EasyChair conference management system and we analyse in details three security properties of EasyChair using our model. Finally, we compare our results with similar tools and we discuss the results and the advantages of our tool and approach.read more
Citations
More filters
Dissertation
Modelling and verifying dynamic access control policies using knowledge-based model checking
TL;DR: A modelling language that expresses dynamic access control policies with compound actions that update multiple variables; a knowledge-based verification algorithm that verifies properties over an access control policy that has compound actions; and an automated tool, called X-Policy, which implements the algorithm.
References
More filters
Proceedings ArticleDOI
Binder, a logic-based security language
TL;DR: Binder is an open logic-based security language that encodes security statements as components of communicating distributed logic programs that can be more expressive than statements in standard security languages.
Proceedings ArticleDOI
Cassandra: distributed access control policies with tunable expressiveness
Moritz Y. Becker,Peter Sewell +1 more
TL;DR: Cassandra is presented, a role-based trust management system with an elegant and readable policy specification language based on Datalog with constraints that can easily express a wide range of policies including role hierarchy, role delegation, separation of duties, cascading revocation, automatic credential discovery and trust negotiation.
Proceedings ArticleDOI
Design and Semantics of a Decentralized Authorization Language
TL;DR: This work describes an execution strategy based on translation to datalog with constraints, and table-based resolution that is sound, complete, and always terminates, despite recursion and negation, as long as simple syntactic conditions are met.
Journal ArticleDOI
Synthesising verified access control systems through model checking
TL;DR: A framework for evaluating and generating access control policies is presented, which contains a modelling formalism called RW, which is supported by a model checking tool that implements the algorithm and thus performs the RW model-checking.
Proceedings ArticleDOI
Specification and Analysis of Dynamic Authorisation Policies
TL;DR: A language, based on transaction logic, for specifying dynamic authorisation policies, i.e., rules governing actions that may depend on and update the authorisation state, featuring conditional bulk insertions and retractions of authorisation facts, non-monotonic negation, and nested action definitions with transactional execution semantics.
Related Papers (5)
A knowledge-based verification method for dynamic access control policies
Masoud Koleini,Mark Ryan +1 more