Implement Security Analysis of Access Control Policy Based on Constraint by SMT

Submitted by grigby1 on Fri, 05/12/2023 - 10:15am

Title	Implement Security Analysis of Access Control Policy Based on Constraint by SMT
Publication Type	Conference Paper
Year of Publication	2022
Authors	Liu, Aodi, Du, Xuehui, Wang, Na, Wang, Xiaochang, Wu, Xiangyu, Zhou, Jiashun
Conference Name	2022 IEEE 5th International Conference on Electronics Technology (ICET)
Date Published	may
Keywords	ABAC, Access Control, Analytical models, Conferences, control theory, Human Behavior, human factors, Information security, performance evaluation, policy analysis, pubcrawl, resilience, Resiliency, satisfiability modulo theories, Scalability, security, Semantics, Transforms
Abstract	Access control is a widely used technology to protect information security. The implementation of access control depends on the response generated by access control policies to users' access requests. Therefore, ensuring the correctness of access control policies is an important step to ensure the smooth implementation of access control mechanisms. To solve this problem, this paper proposes a constraint based access control policy security analysis framework (CACPSAF) to perform security analysis on access control policies. The framework transforms the problem of security analysis of access control policy into the satisfiability of security principle constraints. The analysis and calculation of access control policy can be divided into formal transformation of access control policy, SMT coding of policy model, generation of security principle constraints, policy detection and evaluation. The security analysis of policies is divided into mandatory security principle constraints, optional security principle constraints and user-defined security principle constraints. The multi-dimensional security analysis of access control policies is realized and the semantic expression of policy analysis is stronger. Finally, the effectiveness of this framework is analyzed by performance evaluation, which proves that this framework can provide strong support for fine-grained security analysis of policies, and help to correctly model and conFigure policies during policy modeling, implementation and verification.
Notes	ISSN: 2768-6515
DOI	10.1109/ICET55676.2022.9824517
Citation Key	liu_implement_2022

Groups:

Science of Security VO