Abstract
The principal merits of access control models lie in the ability to precisely reason about their security properties in the lineage of the safety problem. It formalizes the question whether future changes in a model's protection state may eventually violate a security requirement, thereby falsifying model correctness. One fundamental problem of safety analysis is that, as proven in the seminal HRU model calculus, this property is undecidable for the most expressive class of models. To tackle this problem in practical security engineering, a heuristic approach has proven useful that exploits the fact that model commands share dependencies, which are assumed to be (1) one-dimensional and (2) static. In complex models for modern application domains, such as type enforcement in operating systems, neither assumption can be made. This paper studies both problems and provides a heuristic solution approach for the problem of dynamic dependencies. Based on our heuristic, we demonstrate the practical impact of this analysis problem and discuss the general implications on model design and analysis strategies.
Notes
1. To formally comply with set algebra, we treat mappings equally to relations.
2. We use the Kleene operator to indicate that multiple parameters may be passed.
3. For the sake of a more concise discussion, we ignore the SELinux concept of entrypoints.
4. Note that "spam" is a right value, not a variable.
5. All right variables not assigned in this step may be randomly assigned with values.
6. The runtime is also influenced by the number of right variables (\(| X_\textsf {PRE}\cup X_\textsf {POST}|\)). However, for a static set R this means that \(\forall c \in \varSigma _c: | c.X_\textsf {PRE}| \le | R |\) (analogously for \(c.X_\textsf {POST}\)). Therefore this impact can be assumed to be constant.
7. Note that this implication of the command classification holds for HRU\(^\star \) only.
8. A machine with an Intel i5 CPU at 2.90 GHz and 8 GB RAM was used.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Amthor, P., Rabe, M. (2020). Command Dependencies in Heuristic Safety Analysis of Access Control Models. In: Benzekri, A., Barbeau, M., Gong, G., Laborde, R., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2019. Lecture Notes in Computer Science, vol 12056. Springer, Cham. https://doi.org/10.1007/978-3-030-45371-8_13
DOI: https://doi.org/10.1007/978-3-030-45371-8_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-45370-1
Online ISBN: 978-3-030-45371-8