EconPapers    
Economics at your fingertips  
 

A Rigorous Framework for Specification, Analysis and Enforcement of Access Control Policies

Andrea Margheri (), Massimiliano Masi (), Rosario Pugliese () and Francesco Tiezzi ()
Additional contact information
Andrea Margheri: Dipartimento di Statistica, Informatica, Applicazioni "G. Parenti", Università di Firenze - Dipartimento di Informatica, Università di Pisa
Massimiliano Masi: Tiani "Spirit" GmbH, Vienna, Austria
Rosario Pugliese: Dipartimento di Statistica, Informatica, Applicazioni "G. Parenti", Università di Firenze, https://www.disia.unifi.it
Francesco Tiezzi: Università di Camerino

No 2016_05, Econometrics Working Papers Archive from Universita' degli Studi di Firenze, Dipartimento di Statistica, Informatica, Applicazioni "G. Parenti"

Abstract: Access control systems are widely used means for the protection of computing systems. They are defined in terms of access control policies regulating the accesses to system resources. In this paper, we introduce a formally-defined, fully-implemented framework for the specification, analysis and enforcement of attribute-based access control policies. The framework rests on FACPL, a formal language with a compact, yet expressive, syntax that permits expressing real-world access control policies. By relying on the FACPL denotational semantics, we devise a constraint formalism that uniformly represents access control policies in terms of SMT formulae, whose solvers provide effective and efficient analysis. To this aim, we introduce and formalise a set of properties that permit assessing the authorisations enforced by policies and understanding the relationships among them. Our analysis approach explicitly addresses the role of missing attributes, erroneous values and obligations, that are crucial in policy evaluation and are instead overlooked in other proposals. The framework is supported by Java-based tools that allow access control system developers to use formally-defined functionalities without requiring them to be familiar with formal methods.

Keywords: Attribute-based Access Control; Policy Languages; Policy Analysis; SMT (search for similar items in EconPapers)
Pages: 52 pages
Date: 2016-04
References: View complete reference list from CitEc
Citations: Track citations by RSS feed

Downloads: (external link)
https://local.disia.unifi.it/wp_disia/2016/wp_disia_2016_05.pdf First version, 2016-04 (application/pdf)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:fir:econom:wp2016_05

Access Statistics for this paper

More papers in Econometrics Working Papers Archive from Universita' degli Studi di Firenze, Dipartimento di Statistica, Informatica, Applicazioni "G. Parenti" Viale G.B. Morgagni, 59 - I-50134 Firenze - Italy. Contact information at EDIRC.
Bibliographic data for series maintained by Fabrizio Cipollini ().

 
Page updated 2020-11-28
Handle: RePEc:fir:econom:wp2016_05