Presentation is loading. Please wait.

Presentation is loading. Please wait.

Author: Graham Hughes, Tevfik Bultan Computer Science Department, University of California, Santa Barbara, CA 93106, USA Source: International Journal.

Published byRaymond O’Brien’ Modified over 9 years ago

Similar presentations

Presentation on theme: "Author: Graham Hughes, Tevfik Bultan Computer Science Department, University of California, Santa Barbara, CA 93106, USA Source: International Journal."— Presentation transcript:

1 Author: Graham Hughes, Tevfik Bultan Computer Science Department, University of California, Santa Barbara, CA 93106, USA Source: International Journal on Software Tools for Technology Transfer (STTT) Volume 10 Issue 6, October 2008 10.1007/s10009-008-0087-9 Presented by Jui-Lung Yao, Master Student of CSIE, CCU Automated verification of access control policies using a SAT solver 1

2 Outline Introduction A simple XACML policy Formal model Boolean logic formula Experiments Conclusion 2

3 Outline Introduction A simple XACML policy Formal model Boolean logic formula Experiments Conclusion 3

4 Introduction Flow chart 4 Described Language of XACML Policy Transformation with Formal model Boolean formula in CNF SAT solver Boolean logic formula Convert to Conjunctive Normal Form (CNF)

5 Outline Introduction A simple XACML policy Formal model Boolean logic formula Experiments Conclusion 5

6 A simple XACML policy EXtensible Access Control Markup Language OASIS standard (Organization for the Advancement of Structured Information Standards) 6

7 Example The policy states that to be able to vote a person must be at least 18 years old and a person who has voted already cannot vote. 7

8 Age At least 18 years old 8

9 Voted-yet Voted already 9

10 Action Vote 10

11 Environment Our environment, the set of information we are interested in. 11

12 Outline Introduction A simple XACML policy Formal model Boolean logic formula Experiments Conclusion 12

13 Formal model R = {Permit, Deny, NotApp, Indet} be the set of valid results. P: define the set of valid policies 13

14 14 Semantics of policies To formalize the semantics of policies, we define a function

15 Notation We can now model our example as follows: 15

16 Normal form Define an equivalence relation: Function f that takes a policy and returns another policy an eff-preserving transformation 16

17 Shorthand Define a shorthand 〈 S, R, T 〉, where S, R and T are pairwise disjoint, as follows: For any policy p a triple p T that is equivalent to it exists: the triple is just 17

18 〈 S, R, T 〉 reduction Function g 18

19 Example Applying f and g to policy 19

20 Outline Introduction A simple XACML policy Formal model Boolean logic formula Experiments Conclusion 20

21 Basic predicates BP is a set of basic predicates Non-terminal C 21

22 Translation to Boolean logic formula 22

23 Conversion to CNF Creates an auxiliary variable for each sub-expression, and then combines the auxiliary variables. Example 23

24 Example Let P1 = 〈 S1, R1, T1 〉 and let P2 = 〈 S2, R2, T2 〉 be two policies. We define the following partial orders: Define: 24

25 Example (cont’) Generate a formula F, Send the property ¬F to the SAT solver. 25

26 Outline Introduction A simple XACML policy Formal model Boolean logic formula Experiments Conclusion 26

27 Experiments Use the Continue example, encoded into XACML by Fisler et al.. Continue is a Web-based conference management tool, aiding paper submission, review, discussion and notification. Use the Medico example from the XACML specification, which models a simple medical database meant to be accessed by physicians. Encoded voting example 27

28 Experiments (cont’) Property C1 tests that the conference manager correctly denies program committee chairs the ability to review papers he/she has a conflict with. Property C2 and C7 test that the conference manager permits program committee members to edit reviews they own. Property C3 and C8 test that the conference manager denies access to users without a defined role. Property C4 and C5 test that the conference manager will permit a program committee member who has called a meeting to read documents concerning the meeting, but not other arbitrary documents. Property C6 tests whether the conference manager permits program committee members to read all parts of a review. 28

29 Experiments (cont’) Property C9 tests whether the conference manager permits unauthorized user roles to set meetings. Property C10 and C11 test that the conference manager permits program committee members who have filed their review to read the reviews of others, and denies program committee members that have not yet filed their review from reading other reviews. Property M1 and M2 test whether the unified Medico policy permits a physician to edit the medical records of their patients. Property V1 is just the voting property. 29

30 Margrave Margrave is a change impact analysis tool for XACML language. The CONTINUE example only runs under Margrave 1-1 and XACML 1.0. Margrave parses the XACML and converts it into a form suitable for analysis only once, and then can check as many properties as is desired. Margrave manages this by using a binary decision diagram (BDD) for analysis. 30

31 Table 1: Verification performance under this work 31

32 Table 2: Verification performance under Margrave 32

33 Outline Introduction A simple XACML policy Formal model Boolean logic formula Experiments Conclusion 33

34 Conclusion We have presented a formal model for access control policies, and shown how to verify interesting properties about such models in an automated way. We translate queries about access control policies to Boolean satisfiability problems and use a sat solver to obtain an answer. For finite state specifications our approach is sound and complete as long as the user chooses a sufficiently large bound and the complex XACML functions are not used in the specification. 34

35 Thanks for your listening 35

Download ppt "Author: Graham Hughes, Tevfik Bultan Computer Science Department, University of California, Santa Barbara, CA 93106, USA Source: International Journal."

Similar presentations

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.

An Introduction to the Model Verifier verds Wenhui Zhang September 15 th, 2010.
UIUC CS 497: Section EA Lecture #2 Reasoning in Artificial Intelligence Professor: Eyal Amir Spring Semester 2004.

UIUC CS 497: Section EA Lecture #2 Reasoning in Artificial Intelligence Professor: Eyal Amir Spring Semester 2004.
Margrave: XACML Verification and Change-Impact Analysis Kathi Fisler, WPI Shriram Krishnamurthi, Brown Leo Meyerovich, Brown Michael Carl Tschantz, Brown.

Margrave: XACML Verification and Change-Impact Analysis Kathi Fisler, WPI Shriram Krishnamurthi, Brown Leo Meyerovich, Brown Michael Carl Tschantz, Brown.
Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.

Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.
Software Failure: Reasons Incorrect, missing, impossible requirements * Requirement validation. Incorrect specification * Specification verification. Faulty.

Software Failure: Reasons Incorrect, missing, impossible requirements * Requirement validation. Incorrect specification * Specification verification. Faulty.
Of 27 lecture 7: owl - introduction. of 27 ece 627, winter ‘132 OWL a glimpse OWL – Web Ontology Language describes classes, properties and relations.

Of 27 lecture 7: owl - introduction. of 27 ece 627, winter ‘132 OWL a glimpse OWL – Web Ontology Language describes classes, properties and relations.
New Kind of Logic The first step to approch this questions consists of a new definition of logic operators able to explain the richness of the events happened.

New Kind of Logic The first step to approch this questions consists of a new definition of logic operators able to explain the richness of the events happened.
Efficient Query Evaluation on Probabilistic Databases

Efficient Query Evaluation on Probabilistic Databases
Review of topics Final exam : -May 2nd to May 7 th - Projects due on May 7th.

Review of topics Final exam : -May 2nd to May 7 th - Projects due on May 7th.
CS 290C: Formal Models for Web Software Lectures 16: Modeling and Analyzing Access Control Policies Instructor: Tevfik Bultan.

CS 290C: Formal Models for Web Software Lectures 16: Modeling and Analyzing Access Control Policies Instructor: Tevfik Bultan.
Interpolants [Craig 1957] G(y,z) F(x,y)

Interpolants [Craig 1957] G(y,z) F(x,y)
1 Boolean Satisfiability in Electronic Design Automation (EDA ) By Kunal P. Ganeshpure.

1 Boolean Satisfiability in Electronic Design Automation (EDA ) By Kunal P. Ganeshpure.
1 8. Safe Query Languages Safe program – its semantics can be at least partially computed on any valid database input. Safety is tied to program verification,

1 8. Safe Query Languages Safe program – its semantics can be at least partially computed on any valid database input. Safety is tied to program verification,
Firewall Policy Queries Author: Alex X. Liu, Mohamed G. Gouda Publisher: IEEE Transaction on Parallel and Distributed Systems 2009 Presenter: Chen-Yu Chang.

Firewall Policy Queries Author: Alex X. Liu, Mohamed G. Gouda Publisher: IEEE Transaction on Parallel and Distributed Systems 2009 Presenter: Chen-Yu Chang.
Developing Verifiable Concurrent Software Tevfik Bultan Department of Computer Science University of California, Santa Barbara

Developing Verifiable Concurrent Software Tevfik Bultan Department of Computer Science University of California, Santa Barbara
Computers: Tools for an Information Age

Computers: Tools for an Information Age
Embedded Systems Laboratory Department of Computer and Information Science Linköping University Sweden Formal Verification and Model Checking Traian Pop.

Embedded Systems Laboratory Department of Computer and Information Science Linköping University Sweden Formal Verification and Model Checking Traian Pop.
Outline. 1-2 25 Chapter 1 Hardware, Software, Programming, Web surfing, email… Chapter Goals –Describe the layers of a computer system –Describe the concept.

Outline Chapter 1 Hardware, Software, Programming, Web surfing, … Chapter Goals –Describe the layers of a computer system –Describe the concept.

Similar presentations

Ads by Google