Abstract
We study the decidability of the safety problem in the usage control (UCON) model. After defining a formal model, we identify sufficient conditions for the decidability of the safety problem for UCON systems whose attributes are allowed to range over infinite domains and updates in one process may affect the state of another. Our result is a significant generalization of those available in the literature.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Alberti, F., Armando, A., Ranise, S.: ASASP: Automated Symbolic Analysis of Security Policies. In: Bjørner, N., Sofronie-Stokkermans, V. (eds.) CADE 2011. LNCS, vol. 6803, pp. 26–33. Springer, Heidelberg (2011)
De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Samarati, P.: Access control policies and languages. IJCSE 3(2), 94–102 (2007)
Enderton, H.B.: A Mathematical Introduction to Logic. Academic Press, New York (1972)
Ghilardi, S., Ranise, S.: Backward reachability of array-based systems by smt solving: Termination and invariant synthesis. LMCS 6(4) (2010)
Jagadeesan, R., Marrero, W., Pitcher, C., Saraswat, V.: Timed constraint programming: A declarative approach to usage control. In: PPDP. ACM (2005)
Janicke, H., Cau, A., Zedan, H.: A note on the formalization of UCON. In: SACMAT. ACM (2007)
Kleiner, E., Newcomb, T.: On the Decidability of the Safety Problem for Access Control Policies. In: AVoCS. ENTCS, pp. 91–103 (2006)
Kröger, F., Merz, S.: Temporal Logic and State Systems. Springer (2008)
Lazouski, A., Martinelli, F., Mori, P.: Usage control in computer security: A survey. Computer Science Review 4, 81–99 (2010)
Li, N., Tripunitara, M.V.: Security analysis in role-based access control. ACM Trans. Inf. Syst. Security 9(4), 391–420 (2006)
Massonet, P., Arenas, A., Martinelli, F., Mori, P., Crispo, B.: Usage control for trust and security in next generation grids. In: At Your Service. MIT Press (2008)
Park, J., Sandhu, R.: Towards usage control models: Beyond traditional access control. In: SACMAT, pp. 57–64. ACM (2002)
Pretschner, A., Rüesch, J., Schaefer, C., Walter, T.: Formal Analyses of Usage Control Policies. In: Int. Conf. on Av., Rel. and Sec., pp. 98–105 (2009)
Zhang, N., Ryan, M.D., Guelev, D.P.: Evaluating Access Control Policies Through Model Checking. In: Zhou, J., López, J., Deng, R.H., Bao, F. (eds.) ISC 2005. LNCS, vol. 3650, pp. 446–460. Springer, Heidelberg (2005)
Zhang, X., Parisi-Presicce, F., Sandhu, R., Park, J.: Formal Model and Policy Specification of Usage Control. ACM TISSec 8(4), 351–387 (2005)
Zhang, X., Sandhu, R., Parisi-Presicce, F.: Safety Analysis of Usage Control Authorization Models. In: ASIACCS. ACM (2006)
Zhigang, Z., Jiandong, W., Yuguang, M.: Study and Safety Analysis of UCON onA Model. In: 1st Int. Ws. on Database Technology and App., pp. 103–106 (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ranise, S., Armando, A. (2012). On the Automated Analysis of Safety in Usage Control: A New Decidability Result. In: Xu, L., Bertino, E., Mu, Y. (eds) Network and System Security. NSS 2012. Lecture Notes in Computer Science, vol 7645. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34601-9_2
Download citation
DOI: https://doi.org/10.1007/978-3-642-34601-9_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34600-2
Online ISBN: 978-3-642-34601-9
eBook Packages: Computer ScienceComputer Science (R0)