Checking security policies through an enhanced Control Flow Analysis

被引:4
|
作者
Bodei, Chiara [1 ]
Degano, Pierpaolo [1 ]
Priami, Corrado [2 ]
机构
[1] Univ Pisa, Dipartimento Informat, Via F Buonarroti 2, I-56127 Pisa, Italy
[2] Univ Trento, Dipartimento Informat & Telecomunicaz, I-1438050 Povo, TN, Italy
来源
JOURNAL OF COMPUTER SECURITY | 2005年 / 13卷 / 01期
关键词
Control Flow Analysis; security; access control policies; enhanced semantics;
D O I
10.3233/JCS-2005-13103
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
We introduce a Control Flow Analysis that statically approximates the dynamic behaviour of mobile processes, expressed in (a variant of) the pi-calculus. Our analysis of a system is able to describe the essential behaviour of each sub-system, tracking where and between which sub-processes communications may occur. This means that we can safely approximate the behaviour of a system plugged in a larger and mainly unknown context, without explicitly analysing it. Several possible properties can be investigated using this approximation, among which some related to confidentiality and to access control policies.
引用
收藏
页码:49 / 85
页数:37
相关论文
共 50 条
  • [1] Evaluating access control policies through model checking
    Zhang, N
    Ryan, M
    Guelev, DP
    INFORMATION SECURITY, PROCEEDINGS, 2005, 3650 : 446 - 460
  • [2] TOWARDS FORMAL SECURITY ANALYSIS OF DECENTRALIZED INFORMATION FLOW CONTROL POLICIES
    Yang, Zhi
    Yin, Lihua
    Jin, Shuyuan
    Duan, MiYi
    INTERNATIONAL JOURNAL OF INNOVATIVE COMPUTING INFORMATION AND CONTROL, 2012, 8 (11): : 7969 - 7981
  • [3] CorbFuzz: Checking Browser Security Policies with Fuzzing
    Shou, Chaofan
    Kadron, Ismet Burak
    Su, Qi
    Bultan, Tevfik
    2021 36TH IEEE/ACM INTERNATIONAL CONFERENCE ON AUTOMATED SOFTWARE ENGINEERING ASE 2021, 2021, : 215 - 226
  • [4] Automated Analysis of Access Control Policies Based on Model Checking
    Truong A.
    SN Computer Science, 2020, 1 (6)
  • [5] Security Analysis of Access Control Policies for Smart Homes
    Belfiore, Roberta Cimorelli
    Ferrara, Anna Lisa
    PROCEEDINGS OF THE 28TH ACM SYMPOSIUM ON ACCESS CONTROL MODELS AND TECHNOLOGIES, SACMAT 2023, 2023, : 99 - 106
  • [6] A Unified Class Model for Checking Security Policies in ICT Infrastructures
    Bertolotti, Ivan Cibrario
    Durante, Luca
    Hu, Tingting
    Valenzano, Adriano
    2012 IEEE FIRST AESS EUROPEAN CONFERENCE ON SATELLITE TELECOMMUNICATIONS (ESTEL), 2012,
  • [7] Conformance Checking of Dynamic Access Control Policies
    Power, David
    Slaymaker, Mark
    Simpson, Andrew
    FORMAL METHODS AND SOFTWARE ENGINEERING, 2011, 6991 : 227 - 242
  • [8] Model-checking access control policies
    Guelev, DP
    Ryan, M
    Schobbens, PY
    INFORMATION SECURITY, PROCEEDINGS, 2004, 3225 : 219 - 230
  • [9] Work-in-Progress: Combining Control Flow Checking for Safety and Security in Embedded Software
    Gold, Robert
    2017 INTERNATIONAL CONFERENCE ON EMBEDDED SOFTWARE (EMSOFT), 2017,
  • [10] Control Flow Checking Optimization Based On Regular Patterns Analysis
    Zhu, Zhiqi
    Callenes-Sloan, Joseph
    Schafer, Benjamin Carrion
    2018 IEEE 23RD PACIFIC RIM INTERNATIONAL SYMPOSIUM ON DEPENDABLE COMPUTING (PRDC), 2018, : 203 - 212
12345