Internet Archive Scholar

Vac - Verifier of Administrative Role-Based Access Control Policies [chapter]

Anna Lisa Ferrara, P. Madhusudan, Truc L. Nguyen, Gennaro Parlato
2014 Lecture Notes in Computer Science  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (139.5 kB)
https://web.archive.org/web/20171118090954/https://core.ac.uk/download/pdf/29043407.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL. The file type is application/pdf.

In this paper we present Vac, an automatic tool for verifying security properties of administrative Role-based Access Control (RBAC). RBAC has become an increasingly popular access control model, particularly suitable for large organizations, and it is implemented in several software. Automatic security analysis of administrative RBAC systems is recognized as an important problem, as an analysis tool can help designers check whether their policies meet expected security properties. Vac converts
more » ... administrative RBAC policies to imperative programs that simulate the policies both precisely and abstractly and supports several automatic verification back-ends to analyze the resulting programs. In this paper, we describe the architecture of Vac and overview the analysis techniques that have been implemented in the tool. We also report on experiments with several benchmarks from the literature.
doi:10.1007/978-3-319-08867-9_12 fatcat:qxrz5t2q4jexre5mxrsb3hqwsa
Citation

Anna Lisa Ferrara, P. Madhusudan, Truc L. Nguyen, Gennaro Parlato. "Vac - Verifier of Administrative Role-Based Access Control Policies." Lecture Notes in Computer Science (2014) 184-191