Title :
Towards Formal Verification of Role-Based Access Control Policies
Author :
Jha, Somesh ; Li, Ninghui ; Tripunitara, Mahesh ; Wang, Qihua ; Winsborough, William H.
Author_Institution :
Dept. of Comput. Sci., Univ. of Wisconsin, Madison, WI
Abstract :
Specifying and managing access control policies is a challenging problem. We propose to develop formal verification techniques for access control policies to improve the current state of the art of policy specification and management. In this paper, we formalize classes of security analysis problems in the context of role-based access control. We show that in general these problems are PSPACE-complete. We also study the factors that contribute to the computational complexity by considering a lattice of various subcases of the problem with different restrictions. We show that several subcases remain PSPACE-complete, several further restricted subcases are NP-complete, and identify two subcases that are solvable in polynomial time. We also discuss our experiences and findings from experimentations that use existing formal method tools, such as model checking and logic programming, for addressing these problems.
Keywords :
authorisation; computational complexity; formal specification; formal verification; NP-complete; PSPACE-complete; formal verification techniques; logic programming; model checking; policy management; policy specification; polynomial time; role-based access control policies; security analysis; Access controls; Complexity of proof procedures; Security and Protection;
Journal_Title :
Dependable and Secure Computing, IEEE Transactions on
DOI :
10.1109/TDSC.2007.70225
