Verification of Robust Properties for Access Control Policies
This addresses the challenge of verifying security properties in dynamic, iterative policy development for organizations, though it is incremental as it builds on existing verification methods.
The paper tackles the problem of verifying access control policies that are incomplete or evolving by introducing robust property verification, which determines properties that hold regardless of future changes, and reduces it to proof search in a second-order logic programming language with soundness and completeness proven.
Existing methods for verifying access control policies require the policy to be complete and fully determined before verification can proceed, but in practice policies are developed iteratively, composed from independently maintained components, and extended as organisational structures evolve. We introduce robust property verification: the problem of determining what a policy's structure commits it to regardless of how pending decisions are resolved and regardless of subsequent extension. We define a support judgment $\Vdash_{P}Ï$ stating that policy $P$ has robust property $Ï$, with connectives for implication, conjunction, disjunction, and negation, prove that it is compositional (verified properties persist under policy extension by a monotonicity theorem), and show that despite quantifying universally over all possible policy extensions the judgment reduces to proof search in a second-order logic programming language. Soundness and completeness of this reduction are established, yielding a finitary and executable verification procedure for robust security properties.