Specification and Analysis of Dynamic Authorisation Policies

13 years 8 months ago
Specification and Analysis of Dynamic Authorisation Policies
This paper presents a language, based on transaction logic, for specifying dynamic authorisation policies, i.e., rules governing actions that may depend on and update the authorisation state. The language is more expressive than previous dynamic authorisation languages, featuring conditional bulk insertions and retractions of authorisation facts, non-monotonic negation, and nested action definitions with transactional execution semantics. Two complementary policy analysis methods are also presented, one based on AI planning for verifying reachability properties in finite domains, and the second based on automated theorem proving, for checking policy invariants that hold for all sequences of actions and in arbitrary, including infinite, domains. The combination of both methods can analyse a wide range of security properties, including safety, availability and containment.
Moritz Y. Becker
Added 14 Aug 2010
Updated 14 Aug 2010
Type Conference
Year 2009
Where CSFW
Authors Moritz Y. Becker
Comments (0)