Analysis of Rewrite-Based Access Control Policies | Zendy

Claude Kirchner | Zendy; Anderson Santana de Oliveira | Zendy

AI Assistant Blog Pricing

Home ZAIA Blog

Open Access

Analysis of Rewrite-Based Access Control Policies

Author(s) -

Claude Kirchner,

Anderson Santana de Oliveira

Publication year - 2009

Publication title -

electronic notes in theoretical computer science

Language(s) - English

Resource type - Journals

SCImago Journal Rank - 0.242

H-Index - 60

ISSN - 1571-0661

DOI - 10.1016/j.entcs.2009.02.072

Subject(s) - computer science , executable , security policy , firewall (physics) , modular design , access control , abstraction , role based access control , policy analysis , order (exchange) , programming language , computer security , theoretical computer science , political science , business , philosophy , accretion (finance) , schwarzschild radius , finance , epistemology , charged black hole , law

The rewrite-based approach provides executable specifications for security policies, which can be independently designed, verified, and then anchored on programs using a modular discipline. In this paper, we describe how to perform queries over these rule-based policies in order to increase the trust of the policy author on the correct behavior of the policy. The analysis we provide is founded on the strategic narrowing process, which provides both the necessary abstraction for simulating executions of the policy over access requests and the mechanism for solving what-if queries from the security administrator. We illustrate this general approach by the analysis of a firewall system policy

The content you want is available to Zendy users.

Already have an account? Click here to sign in.

Having issues? You can contact us here

Accelerating Research