On the Design and Testing of Authorization Systems

Abstract

Authorization deals with the specification and management of accesses principals have to resources. In the design of an authorization system, sometimes we just implement the accessenforcement without having a precise semantics for it. In this dissertation we show that, there exists a precise semantics that improves the efficiency of access-enforcement over the accessenforcement without precise semantics. We present an algorithm to produce an Access Control List (ACL), in a particular authorization system for version control syatems called gitolite, and we compare the implementation of our algorithm against the implementation that is already being used. As another design problem, we consider least-restrictive enforcement of the Chinese Wall security policy. We show that there exists a least-restrictive enforcement of the Chinese Wall Security Policy. Our approach to proving the thesis is by construction; we present an enforcement that is least-restrictive. We also prove that such an enforcement mechanism cannot be subjectindependent. We also propose a methodology that tests the implementation of an authorization system to check whether it has properties of interest. The properties may be considered to be held in the design of an authorization system, but they are not held in the implementation. We show that there exist authorization systems that do not have the properties of interest.