@inproceedings{naldurg2006netra,
author = {Naldurg, Prasad and Schwoon, Stefan and Rajamani, Sriram and Lambert, John},
title = {NETRA: Seeing Through Access Control},
booktitle = {Proceedings of the 4th ACM Workshop on Formal Methods in Security Engineering: From Specifications to Code (FMSE)},
year = {2006},
month = {November},
abstract = {We present netra, a tool for systematically analyzing and detecting explicit information-flow vulnerabilities in access control configurations. Our tool takes a snapshot of the access-control metadata, and performs static analysis on this snapshot. We devise an augmented relational calculus that naturally models both access control mechanisms and information-flow policies uniformly. This calculus is interpreted as a logic program, with a fixpoint semantics similar to Datalog, and produces all access tuples in a given configuration that violate properties of interest. Our analysis framework is programmable both at the model level and at the property level, effectively separating mechanism from policy. We demonstrate the effectiveness of this modularity by analyzing two systems with very different mechanisms for access control—Windows XP and SELinux—with the same specification of information-flow vulnerabilities. netra finds vulnerabilities in default configurations of both systems.},
publisher = {Association for Computing Machinery, Inc.},
url = {http://approjects.co.za/?big=en-us/research/publication/netra-seeing-through-access-control/},
edition = {Proceedings of the 4th ACM Workshop on Formal Methods in Security Engineering: From Specifications to Code (FMSE)},
}