When Role Models Have Flaws: Static Validation of Enterprise Security Policies

Modern multi-user software systems have adopted Role-Based Access Control (RBAC) for authorization management. This paper presents a formal model for RBAC policy validation and a static-analysis model for RBAC systems that can be used to identify the roles required by users to execute an enterprise application, detect potential inconsistencies caused by principal-delegation policies, which are used to override a user's role assignment, report if the roles assigned to a user by a given policy are redundant or insufficient, and report vulnerabilities that can result from unchecked intra-component accesses. The algorithms described in this paper have been implemented as part of IBM's Enterprise Security Policy Evaluator (ESPE) tool