86,181 research outputs found
Automated Certification of Authorisation Policy Resistance
Attribute-based Access Control (ABAC) extends traditional Access Control by
considering an access request as a set of pairs attribute name-value, making it
particularly useful in the context of open and distributed systems, where
security relevant information can be collected from different sources. However,
ABAC enables attribute hiding attacks, allowing an attacker to gain some access
by withholding information. In this paper, we first introduce the notion of
policy resistance to attribute hiding attacks. We then propose the tool ATRAP
(Automatic Term Rewriting for Authorisation Policies), based on the recent
formal ABAC language PTaCL, which first automatically searches for resistance
counter-examples using Maude, and then automatically searches for an Isabelle
proof of resistance. We illustrate our approach with two simple examples of
policies and propose an evaluation of ATRAP performances.Comment: 20 pages, 4 figures, version including proofs of the paper that will
be presented at ESORICS 201
Unranked Tree Rewriting and Effective Closures of Languages
International audienceWe consider rewriting systems for unranked ordered trees, where the number of chil- dren of a node is not determined by its label, and is not a priori bounded. The rewriting systems are defined such that variables in the rewrite rules can be substituted by hedges (sequences of trees) instead of just trees. Consequently, this notion of rewriting subsumes both standard term rewriting and word rewriting.We present some properties of preservation for classes of unranked tree languages, including hedge automata languages and various context-free extensions. Finally, ap- plications to static type checking for XML transformations and to the verification of read/write access control policies for XML updates are mentioned
Rewriting-Based Access Control Policies
In this paper we propose a formalization of access control policies based on term rewriting. The state of the system to which policies are enforced is represented as an algebraic term, what allows to model many aspects of the policy environment. Policies are represented as sets of rewrite rules, whose evaluation produces deterministic authorization decisions. We discuss the relation between properties of \trs and those important for access control, and the impact of composing policies to these properties
Rewrite based Verification of XML Updates
We consider problems of access control for update of XML documents. In the
context of XML programming, types can be viewed as hedge automata, and static
type checking amounts to verify that a program always converts valid source
documents into also valid output documents. Given a set of update operations we
are particularly interested by checking safety properties such as preservation
of document types along any sequence of updates. We are also interested by the
related policy consistency problem, that is detecting whether a sequence of
authorized operations can simulate a forbidden one. We reduce these questions
to type checking problems, solved by computing variants of hedge automata
characterizing the set of ancestors and descendants of the initial document
type for the closure of parameterized rewrite rules
Debugging of Web Applications with Web-TLR
Web-TLR is a Web verification engine that is based on the well-established
Rewriting Logic--Maude/LTLR tandem for Web system specification and
model-checking. In Web-TLR, Web applications are expressed as rewrite theories
that can be formally verified by using the Maude built-in LTLR model-checker.
Whenever a property is refuted, a counterexample trace is delivered that
reveals an undesired, erroneous navigation sequence. Unfortunately, the
analysis (or even the simple inspection) of such counterexamples may be
unfeasible because of the size and complexity of the traces under examination.
In this paper, we endow Web-TLR with a new Web debugging facility that supports
the efficient manipulation of counterexample traces. This facility is based on
a backward trace-slicing technique for rewriting logic theories that allows the
pieces of information that we are interested to be traced back through inverse
rewrite sequences. The slicing process drastically simplifies the computation
trace by dropping useless data that do not influence the final result. By using
this facility, the Web engineer can focus on the relevant fragments of the
failing application, which greatly reduces the manual debugging effort and also
decreases the number of iterative verifications.Comment: In Proceedings WWV 2011, arXiv:1108.208
Prototyping Formal System Models with Active Objects
We propose active object languages as a development tool for formal system
models of distributed systems. Additionally to a formalization based on a term
rewriting system, we use established Software Engineering concepts, including
software product lines and object orientation that come with extensive tool
support. We illustrate our modeling approach by prototyping a weak memory
model. The resulting executable model is modular and has clear interfaces
between communicating participants through object-oriented modeling.
Relaxations of the basic memory model are expressed as self-contained variants
of a software product line. As a modeling language we use the formal active
object language ABS which comes with an extensive tool set. This permits rapid
formalization of core ideas, early validity checks in terms of formal invariant
proofs, and debugging support by executing test runs. Hence, our approach
supports the prototyping of formal system models with early feedback.Comment: In Proceedings ICE 2018, arXiv:1810.0205
Extensional and Intensional Strategies
This paper is a contribution to the theoretical foundations of strategies. We
first present a general definition of abstract strategies which is extensional
in the sense that a strategy is defined explicitly as a set of derivations of
an abstract reduction system. We then move to a more intensional definition
supporting the abstract view but more operational in the sense that it
describes a means for determining such a set. We characterize the class of
extensional strategies that can be defined intensionally. We also give some
hints towards a logical characterization of intensional strategies and propose
a few challenging perspectives
- …