Download PDFOpen PDF in browser

A Comprehensive Formal Solution for Access Control Policies Management: Defect Detection, Analysis and Risk Assessment

13 pagesPublished: March 26, 2017

Abstract

Nowadays, the access control is becoming increasingly important for open, ubiquitous and criti- cal systems. Nonetheless, efficient Administration, Management, Safety analysis and Risk assessment (AMSR) are recognized as fundamental and crucial challenges in todays access control infrastructures. In untrustworthy environment, the administration of an access control policy, which is a main secu- rity aspect, generally raises a critical analysis problem when the administration is distributed and/or potentially un-trusted users contribute to this process. Consequently, collusions attempts and inner threats may take place to generate crucial and invisible breaches to circumvent the policy. To address this issue, we introduce a rigorous and comprehensive solution for an efficient and secure management of access control policies. Our proposal gives a high visibility on the development process of an access control policy and allows in an elegant manner to detect, analyze and assess the risk associated to the policy defects. The strength of our proposal is that it relies on logic-like formalisms to ensure a high surety by verifying the correctness and the completeness of our formal reasoning. We rely on an example to illustrate the relevance of the proposal.

Keyphrases: access control, formal analysis, Formal Verification and Validation, Information Systems Security, risk assessment

In: Mohamed Mosbah and Michael Rusinowitch (editors). SCSS 2017. The 8th International Symposium on Symbolic Computation in Software Science 2017, vol 45, pages 120--132

Links:
BibTeX entry
@inproceedings{SCSS2017:Comprehensive_Formal_Solution_for,
  author    = {Faouzi Jaidi and Faten Labbene Ayachi and Adel Bouhoula},
  title     = {A Comprehensive Formal Solution for Access Control Policies Management: Defect Detection, Analysis and Risk Assessment},
  booktitle = {SCSS 2017. The 8th International Symposium on Symbolic Computation in Software Science 2017},
  editor    = {Mohamed Mosbah and Michael Rusinowitch},
  series    = {EPiC Series in Computing},
  volume    = {45},
  pages     = {120--132},
  year      = {2017},
  publisher = {EasyChair},
  bibsource = {EasyChair, https://easychair.org},
  issn      = {2398-7340},
  url       = {https://easychair.org/publications/paper/F3},
  doi       = {10.29007/q916}}
Download PDFOpen PDF in browser