Policy analysis for self-administrated role-based access control

Current techniques for security analysis of administrative role-based access control (ARBAC) policies restrict themselves to the separate administration assumption that essentially separates administrative roles from regular ones. The naive algorithm of tracking all users is all that is known for the security analysis of ARBAC policies without separate administration, and the state space explosion that this results in precludes building effective tools. In contrast, the separate administration assumption greatly simplifies the analysis since it makes it sufficient to track only one user at a time. However, separation limits the expressiveness of the models and restricts modeling distributed administrative control. In this paper, we undertake a fundamental study of analysis of ARBAC policies without the separate administration restriction, and show that analysis algorithms can be built that track only a bounded number of users, where the bound depends only on the number of administrative roles in the system. Using this fundamental insight paves the way for us to design an involved heuristic to further tame the state space explosion in practical systems. Our results are also very effective when applied on policies designed under the separate administration restriction. We implement our techniques and report on experiments conducted on several realistic case studies

Analyzing temporal role based access control models

Today, Role Based Access Control (RBAC) is the de facto model used for advanced access control, and is widely deployed in diverse enterprises of all sizes. Several extensions to the authorization as well as the administrative models for RBAC have been adopted in recent years. In this paper, we consider the temporal extension of RBAC (TRBAC), and develop safety analysis techniques for it. Safety analysis is essential for understanding the implications of security policies both at the stage of specification and modification. Towards this end, in this paper, we first define an administrative model for TRBAC. Our strategy for performing safety analysis is to appropriately decompose the TRBAC analysis problem into multiple subproblems similar to RBAC. Along with making the analysis simpler, this enables us to leverage and adapt existing analysis techniques developed for traditional RBAC. We have adapted and experimented with employing two state of the art analysis approaches developed for RBAC as well as tools developed for software testing. Our results show that our approach is both feasible and flexible

Refinement for Administrative Policies

Flexibility of management is an important requisite for access control systems as it allows users to adapt the access control system in accordance with practical requirements. This paper builds on earlier work where we defined administrative policies for a general class of RBAC models. We present a formal definition of administrative refinnement and we show that there is an ordering for administrative privileges which yields administrative refinements of policies. We argue (by giving an example) that this privilege ordering can be very useful in practice, and we prove that the privilege ordering is tractable

Security Analysis of Role-based Access Control through Program Verification

We propose a novel scheme for proving administrative role-based access control (ARBAC) policies correct with respect to security properties using the powerful abstraction based tools available for program verification. Our scheme uses a combination of abstraction and reduction to program verification to perform security analysis. We convert ARBAC policies to imperative programs that simulate the policy abstractly, and then utilize further abstract-interpretation techniques from program analysis to analyze the programs in order to prove the policies secure. We argue that the aggressive set-abstractions and numerical-abstractions we use are natural and appropriate in the access control setting. We implement our scheme using a tool called VAC that translates ARBAC policies to imperative programs followed by an interval-based static analysis of the program, and show that we can effectively prove access control policies correct. The salient feature of our approach are the abstraction schemes we develop and the reduction of role-based access control security (which has nothing to do with programs) to program verification problems

From “Clientelism” to a “Client-centred orientation”? The challenge of public administration reform in Russia

The inefficiency, corruption and lack of accountability that afflict public administration in Russia impose substantial direct costs on both entrepreneurs and ordinary citizens. This paper examines the major weaknesses of Russia’s public administration and assesses the government’s recently revised programme of administrative reform. It lays particular stress on the relationship between public bureaucracies and the larger institutional environment within which they operate, as well as on the need for far greater transparency of public bodies and stronger non-judicial means of redress for citizens wishing to challenge bureaucratic decisions. Many of the problems of Russia’s public administration are aggravated by the fact that the Russian state often tries to do too much: the paper therefore explores the link between administrative reform and the scope of state ownership and regulation

Judicial Review of European Administrative Procedure

Schwarze examines the requirements set down in the case law of the Court of Justice and the Court of First Instance that serve to guarantee a fair and impartial administrative process. He also considers whether improvements should be made to the design of the administrative process and, if so, what kind

The Property Tax in a New Environment: Lessons from International Tax Reform Efforts

Contemporary property tax reforms face the challenge of identifying the appropriate role for a tax on immobile physical assets in an economy ever more reliant on mobile and intangible factors. The property tax can offer a stable revenue source particularly well suited for local government and a valuable adjunct to land reform initiatives. At the same time, it requires administrative capability, legislative support and political acceptance that are often lacking in highly developed and long established systems as well as in transition economies. Technological advances offer potential efficiency gains in assessment, administration and collection, but they can also consume vast sums for glamorous but inappropriate projects that yield little additional revenue.Working Paper Number 04-49

Judicial Review of European Administrative Procedure

Schwarze examines the requirements set down in the case law of the Court of Justice and the Court of First Instance that serve to guarantee a fair and impartial administrative process. He also considers whether improvements should be made to the design of the administrative process and, if so, what kind