Automatic error finding in access-control policies

Karthick Jayaraman, Vijay Ganesh, Mahesh Tripunitara, Martin Rinard, Steve Chapin

Research output: Chapter in Book/Entry/PoemConference contribution

55 Scopus citations


Verifying that access-control systems maintain desired security properties is recognized as an important problem in security. Enterprise access-control systems have grown to protect tens of thousands of resources, and there is a need for verification to scale commensurately. We present a new abstraction-refinement technique for automatically finding errors in Administrative Role-Based Access Control (ARBAC) security policies. ARBAC is the first and most comprehensive administrative scheme for Role-Based Access Control (RBAC) systems. Underlying our approach is a change in mindset: we propose that error finding complements verification, can be more scalable, and allows for the use of a wider variety of techniques. In our approach, we use an abstraction-refinement technique to first identify and discard roles that are unlikely to be relevant to the verification question (the abstraction step), and then restore such abstracted roles incrementally (the refinement steps). Errors are one-sided: if there is an error in the abstracted policy, then there is an error in the original policy. If there is an error in a policy whose role-dependency graph diameter is smaller than a certain bound, then we find the error. Our abstraction-refinement technique complements conventional state-space exploration techniques such as model checking. We have implemented our technique in an access-control policy analysis tool. We show empirically that our tool scales well to realistic policies, and is orders of magnitude faster than prior tools.

Original languageEnglish (US)
Title of host publicationCCS'11 - Proceedings of the 18th ACM Conference on Computer and Communications Security
Number of pages12
StatePublished - 2011
Event18th ACM Conference on Computer and Communications Security, CCS'11 - Chicago, IL, United States
Duration: Oct 17 2011Oct 21 2011

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221


Other18th ACM Conference on Computer and Communications Security, CCS'11
Country/TerritoryUnited States
CityChicago, IL


  • Security
  • Verification

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications


Dive into the research topics of 'Automatic error finding in access-control policies'. Together they form a unique fingerprint.

Cite this