IDEAS home Printed from https://ideas.repec.org/p/fir/econom/wp2016_05.html
   My bibliography  Save this paper

A Rigorous Framework for Specification, Analysis and Enforcement of Access Control Policies

Author

Listed:

Abstract

Access control systems are widely used means for the protection of computing systems. They are defined in terms of access control policies regulating the accesses to system resources. In this paper, we introduce a formally-defined, fully-implemented framework for the specification, analysis and enforcement of attribute-based access control policies. The framework rests on FACPL, a formal language with a compact, yet expressive, syntax that permits expressing real-world access control policies. By relying on the FACPL denotational semantics, we devise a constraint formalism that uniformly represents access control policies in terms of SMT formulae, whose solvers provide effective and efficient analysis. To this aim, we introduce and formalise a set of properties that permit assessing the authorisations enforced by policies and understanding the relationships among them. Our analysis approach explicitly addresses the role of missing attributes, erroneous values and obligations, that are crucial in policy evaluation and are instead overlooked in other proposals. The framework is supported by Java-based tools that allow access control system developers to use formally-defined functionalities without requiring them to be familiar with formal methods.

Suggested Citation

  • Andrea Margheri & Massimiliano Masi & Rosario Pugliese & Francesco Tiezzi, 2016. "A Rigorous Framework for Specification, Analysis and Enforcement of Access Control Policies," Econometrics Working Papers Archive 2016_05, Universita' degli Studi di Firenze, Dipartimento di Statistica, Informatica, Applicazioni "G. Parenti".
    • Handle: RePEc:fir:econom:wp2016_05
    as

    Download full text from publisher

    File URL: https://labdisia.disia.unifi.it/wp_disia/2016/wp_disia_2016_05.pdf
    File Function: First version, 2016-04
    Download Restriction: no
    ---><---

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:fir:econom:wp2016_05. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Fabrizio Cipollini (email available below). General contact details of provider: https://edirc.repec.org/data/dsfirit.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.