Title :
Formal Analyses of Usage Control Policies
Author :
Pretschner, Alexander ; Ruesch, J. ; Schaefer, Christian ; Walter, Thomas
Author_Institution :
Fraunhofer IESE, Tech. Univ. Kaiserslautern, Kaiserslautern
Abstract :
Usage control is a generalization of access control that also addresses how data is handled after it is released. Usage control requirements are specified in policies. We present tool support for the following analysis problems. Is a policy consistent, i.e., satisfiable? Is an abstractly specified usage control mechanism capable of enforcing a given policy? Can we configure such a mechanism by analyzing respective policies? In the context of propagation, where upon re-distribution of data duties may only be increased and rights decreased, can we check if a policy is only strengthened in this sense? - Our solution uses a model checker as theorem prover and is based on a translation of usage control policies into a linear time logic (LTL) dialect. We provide evidence that even complex policies can be analyzed efficiently.
Keywords :
authorisation; formal logic; formal verification; theorem proving; access control; data duties; linear time logic dialect; model checker; theorem prover; usage control policies; Access control; Automatic control; Availability; Data security; Distributed control; Logic; Specification languages; Writing; access control; model checking; obligations; policies; usage control;
Conference_Titel :
Availability, Reliability and Security, 2009. ARES '09. International Conference on
Conference_Location :
Fukuoka
Print_ISBN :
978-1-4244-3572-2
Electronic_ISBN :
978-0-7695-3564-7
DOI :
10.1109/ARES.2009.100
