Model Checking Agent Knowledge in Dynamic Access Control Policies
نویسندگان
چکیده
In this paper, we develop a modeling technique based on interpreted systems in order to verify temporal-epistemic properties over access control policies. This approach enables us to detect information flow vulnerabilities in dynamic policies by verifying the knowledge of the agents gained by both reading and reasoning about system information. To overcome the practical limitations of state explosion in model-checking temporal-epistemic properties, we introduce a novel abstraction and refinement technique for temporal-epistemic safety properties in ACTLK (ACTL with knowledge modality K) and a class of interesting properties that does fall in this category.
منابع مشابه
Verification of agent knowledge in dynamic access control policies
We develop a modeling technique based on interpreted systems in order to verify temporal-epistemic properties over access control policies. This approach enables us to detect information flow vulnerabilities in dynamic policies by verifying the knowledge of the agents gained by both reading and reasoning about system information. To overcome the practical limitations of state explosion in model...
متن کاملModelling and verifying dynamic access control policies using knowledge-based model checking
The purpose of access control policies in computing is to guarantee that access to resources is solely restricted to legitimate users. This clarity of purpose does not make the design of these policies any easier. Today’s systems are large in size, have many users with different roles and can be accessed from anywhere and at any time. Systems often allowed users to perform actions and read data...
متن کاملVerification of temporal-epistemic properties of access control systems
Verification of access control systems against vulnerabilities has always been a challenging problem in the world of computer security. The complication of security policies in largescale multi-agent systems increases the possible existence of vulnerabilities as a result of mistakes in policy definition. This thesis explores automated methods in order to verify temporal and epistemic properties...
متن کاملA semantic-aware role-based access control model for pervasive computing environments
Access control in open and dynamic Pervasive Computing Environments (PCEs) is a very complex mechanism and encompasses various new requirements. In fact, in such environments, context information should be used in access control decision process; however, it is not applicable to gather all context information completely and accurately all the time. Thus, a suitable access control model for PCEs...
متن کاملCAMAC: a context-aware mandatory access control model
Mandatory access control models have traditionally been employed as a robust security mechanism in multilevel security environments such as military domains. In traditional mandatory models, the security classes associated with entities are context-insensitive. However, context-sensitivity of security classes and flexibility of access control mechanisms may be required especially in pervasive c...
متن کامل