Model-Checking Access Control Policies

10 years 1 months ago
Model-Checking Access Control Policies
We present a model of access control which provides fine-grained data-dependent control, can express permissions about permissions, can express delegation, and can describe systems which avoid the rootbottleneck problem. We present a language for describing goals of agents; these goals are typically to read or write the values of some resources. We describe a decision procedure which determines whether a given coalition of agents has the means (possibly indirectly) to achieve its goal. We argue that this question is decidable in the situation of the potential intruders acting in parallel with legitimate users and taking whatever temporary opportunities the actions of the legitimate users present. Our technique can also be used to synthesise finite access control systems, from an appropriately formulated logical theory describing a high-level policy.
Dimitar P. Guelev, Mark Ryan, Pierre-Yves Schobben
Added 02 Jul 2010
Updated 02 Jul 2010
Type Conference
Year 2004
Where ISW
Authors Dimitar P. Guelev, Mark Ryan, Pierre-Yves Schobbens
Comments (0)