Sciweavers

TDSC
2008

Towards Formal Verification of Role-Based Access Control Policies

13 years 3 months ago
Towards Formal Verification of Role-Based Access Control Policies
Specifying and managing access control policies is a challenging problem. We propose to develop formal verification techniques for access control policies to improve the current state of the art of policy specification and management. In this paper, we formalize classes of security analysis problems in the context of Role-Based Access Control. We show that in general these problems are PSPACE-complete. We also study the factors that contribute to the computational complexity by considering a lattice of various subcases of the problem with different restrictions. We show that several subcases remain PSPACE-complete, several further restricted subcases are NP-complete, and identify two subcases that are solvable in polynomial time. We also discuss our experiences and findings from experimentations that use existing formal method tools, such as model checking and logic programming, for addressing these problems.
Somesh Jha, Ninghui Li, Mahesh V. Tripunitara, Qih
Added 15 Dec 2010
Updated 15 Dec 2010
Type Journal
Year 2008
Where TDSC
Authors Somesh Jha, Ninghui Li, Mahesh V. Tripunitara, Qihua Wang, William H. Winsborough
Comments (0)