Symbolic backward reachability with effectively propositional logic - Applications to security policy analysis
نویسنده
چکیده
We describe a symbolic procedure for solving the reachability problem of transition systems that use formulae of Effectively Propositional Logic to represent sets of backward reachable states. We discuss the key ideas for the mechanization of the procedure where fix-point checks are reduced to SMT problems. We also show the termination of the procedure on a sub-class of transition systems. Then, we discuss how reachability problems for this sub-class can be used to encode analysis problems of administrative policies in the Role-Based Access Control (RBAC) model that is one of the most widely adopted access control paradigms. An implementation of a refinement of the backward reachability procedure, called ASASP, shows better flexibility and scalability than a state-of-the-art tool on a significant set of security problems.
منابع مشابه
Symbolic Reachability Analysis of Higher-Order Context-Free Processes
We consider the problem of symbolic reachability analysis of higher-order context-free processes. These models are generalizations of the context-free processes (also called BPA processes) where each process manipulates a data structure which can be seen as a nested stack of stacks. Our main result is that, for any higher-order context-free process, the set of all predecessors of a given regula...
متن کاملVerification of Composed Array-Based Systems with Applications to Security-Aware Workflows
We introduce a class of symbolic transition systems capable of representing collections of security-aware workflows and we study the verification of reachability properties of such systems. More precisely, we define composed array-based systems as an extension of array-based systems in which array variables are indexed over more than one type. For an application relevant sub-class of these syst...
متن کاملChecking Bounded Reachability in Asynchronous Systems by Symbolic Event Tracing
This report presents a new symbolic technique for checking reachability properties of asynchronous systems by reducing the problem to satisfiability in restrained difference logic. The analysis is bounded by fixing a finite set of potential events, each of which may occur at most once in any order. The events are specified using high-level Petri nets. The logic encoding describes the space of p...
متن کاملStranger: An Automata-Based String Analysis Tool for PHP
STRANGER is an automata-based string analysis tool for finding and eliminating string-related security vulnerabilities in PHP applications. STRANGER uses symbolic forward and backward reachability analyses to compute the possible values that the string expressions can take during program execution. STRANGER can automatically (1) prove that an application is free from specified attacks or (2) ge...
متن کاملWell (and better) quasi-ordered transition systems
In this paper, we give a step by step introduction to the theory of well quasi-ordered transition systems. The framework combines two concepts, namely (i) transition systems which are monotonic wrt. a well-quasi ordering; and (ii) a scheme for symbolic backward reachability analysis. We describe several models with infinitestate spaces, which can be analyzed within the framework, e.g., Petri ne...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- Formal Methods in System Design
دوره 42 شماره
صفحات -
تاریخ انتشار 2013