Validation of Safety-Like Properties for Entity-Based Access Control Policies

  • Sergey AfoninEmail author
  • Antonina Bonushkina
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 889)


In this paper safety problems for a simplified version of entity-based access control model are considered. By safety we mean the impossibility for a user to acquire access a given object by performing a sequence of legitimate operations over the database. Our model considers the database as a labelled graph. Object modification operations are guarded by FO-definable pre- and post-conditions. We show undecidability of the safety problem in general and describe an algorithm for deciding safety for a restricted class of access control policies.


Access control ABAC EBAC Safety Decidability 


  1. 1.
    Bogaerts, J., Decat, M., Lagaisse, B., Joosen, W.: Entity-based access control: supporting more expressive access control policies. In: Proceedings of the 31st Annual Computer Security Applications Conference, pp. 291–300. ACM (2015)Google Scholar
  2. 2.
    Harrison, M.A., Ruzzo, W.L., Ullman, J.D.: Protection in operating systems. Commun. ACM 19(8), 461–471 (1976)CrossRefGoogle Scholar
  3. 3.
    Hughes, G., Bultan, T.: Automated verification of access control policies using a SAT solver. Int. J. Softw. Tools Technol. Transf. 10(6), 503–520 (2008)CrossRefGoogle Scholar
  4. 4.
    Kolovski, V., Hendler, J., Parsia, B.: Analyzing web access control policies. In: Proceedings of the 16th International Conference on World Wide Web, pp. 677–686. ACM (2007)Google Scholar
  5. 5.
    Li, N., Tripunitara, M.V.: Security analysis in role-based access control. ACM Trans. Inf. Syst. Secur. (TISSEC) 9(4), 391–420 (2006)CrossRefGoogle Scholar
  6. 6.
    Samarati, P., de Vimercati, S.C.: Access control: policies, models, and mechanisms. In: International School on Foundations of Security Analysis and Design, pp. 137–196. Springer (2000)Google Scholar
  7. 7.
    Servos, D., Osborn, S.L.: Current research and open problems in attribute-based access control. ACM Comput. Surv. 49(4), 65:1–65:45 (2017)Google Scholar
  8. 8.
    Turkmen, F., den Hartog, J., Ranise, S., Zannone, N.: Formal analysis of XACML policies using SMT. Comput. Secur. 66, 185–203 (2017)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Moscow State UniversityMoscowRussian Federation

Personalised recommendations