A Rigorous Framework for Specification, Analysis and Enforcement of Access Control Policies

TL;DR

This paper presents a formal, fully-implemented framework for specifying, analyzing, and enforcing attribute-based access control policies using FACPL, with automated verification and practical tools demonstrated through case studies and benchmarks.

Contribution

It introduces a rigorous, semantics-based approach to access control policy analysis with a dedicated language and supporting tools, addressing issues like missing attributes and policy relationships.

Findings

Effective verification of policy properties

Performance demonstrated through stress tests

Support for real-world e-Health case study

Abstract

Access control systems are widely used means for the protection of computing systems. They are defined in terms of access control policies regulating the accesses to system resources. In this paper, we introduce a formally-defined, fully-implemented framework for specification, analysis and enforcement of attribute-based access control policies. The framework rests on FACPL, a language with a compact, yet expressive, syntax for specification of real-world access control policies and with a rigorously defined denotational semantics. The framework enables the automatic verification of properties regarding both the authorisations enforced by single policies and the relationships among multiple policies. Effectiveness and performance of the analysis rely on a semantic-preserving representation of FACPL policies in terms of SMT formulae and on the use of efficient SMT solvers. Our analysis approach explicitly addresses some crucial aspects of policy evaluation, as e.g. missing attributes, erroneous values and obligations, which are instead overlooked in other proposals. The framework is supported by Java-based tools, among which an Eclipse- based IDE offering a tailored development and analysis environment for FACPL policies and a Java library for policy enforcement. We illustrate the framework and its formal ingredients by means of an e-Health case study, while its effectiveness is assessed by means of performance stress tests and experiments on a well-established benchmark.