2013 | OriginalPaper | Buchkapitel
Automated Certification of Authorisation Policy Resistance
verfasst von : Andreas Griesmayer, Charles Morisset
Erschienen in: Computer Security – ESORICS 2013
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
Attribute-based Access Control (ABAC) extends traditional Access Control by considering an access request as a set of pairs
attribute name
-
value
, making it particularly useful in the context of open and distributed systems, where security relevant information can be collected from different sources. However, ABAC enables
attribute hiding attacks
, allowing an attacker to gain some access by withholding information.
In this paper, we first introduce the notion of policy
resistance
to attribute hiding attacks. We then propose the tool ATRAP (Automatic Term Rewriting for Authorisation Policies), based on the recent formal ABAC language PTaCL, which first automatically searches for resistance counter-examples using Maude, and then automatically searches for an Isabelle proof of resistance. We illustrate our approach with two simple examples of policies and propose an evaluation of ATRAP performances.