| We present the continuation of our work on a three-level framework, which can be used to model and analyze the identification- authentication- authorization policies. Finding the gaps in such policies is challenging. We explore the cases when operations become accessible to the user because of flawed or missing authentication methods. Our objective is to model the domain and find such vulnerabilities. Our proposed framework has three levels. Each level is built on top of a previous one. The first is ontological, where we model the static domain in OWL; the second is logical, where we model the dynamic using SWRL; and the third is analytical level, where we utilize the reasoner to get the results. In this paper, we present the algorithm, which finds vulnerable situations in the policies or confirms that there are no vulnerable situations. We have modelled a couple of policies from different user-based applications to validate our approach as well as demonstrate the feasibility of using it on policies from the actual systems. |
*** Title, author list and abstract as seen in the Camera-Ready version of the paper that was provided to Conference Committee. Small changes that may have occurred during processing by Springer may not appear in this window.