Attribute-based Access Control (ABAC) extends traditional Access Control by
considering an access request as a set of pairs attribute name-value, making it
particularly useful in the context of open and distributed systems, where
security relevant information can be collected from different sources. However,
ABAC enables attribute hiding attacks, allowing an attacker to gain some access
by withholding information. In this paper, we first introduce the notion of
policy resistance to attribute hiding attacks. We then propose the tool ATRAP
(Automatic Term Rewriting for Authorisation Policies), based on the recent
formal ABAC language PTaCL, which first automatically searches for resistance
counter-examples using Maude, and then automatically searches for an Isabelle
proof of resistance. We illustrate our approach with two simple examples of
policies and propose an evaluation of ATRAP performances.Comment: 20 pages, 4 figures, version including proofs of the paper that will
be presented at ESORICS 201
