Automated Verification Of Role-Based Access Control Policies Constraints Using Prover9


Access control policies are used to restrict access to sensitive records to authorized users only. One approach to specifying policies is role-based access control (RBAC), where authorization is granted to roles instead of users. Users are assigned to roles such that each user can access all the records allowed to his/her roles. RBAC has attracted great interest because of its flexibility. One issue in RBAC is dealing with constraints. Usually, policies should satisfy pre-defined constraints, for example separation of duty (SOD), which states that a user is not allowed to play two conflicting roles. Verifying by hand that a policy satisfies its constraints is time consuming and error-prone. Therefore, automated verification is essential. In this paper, we propose a theory for specifying policies and constraints in first-order logic. Furthermore, we present a comprehensive list of constraints. We identify constraints based on the relation between users and roles, between roles and permissions on records, between users and permissions on records, and between users, roles, and permissions on records. Then, we use a general-purpose theorem prover called Prover9 to prove that the constraints are satisfied.


💡 Research Summary

The paper addresses the problem of verifying that role‑based access control (RBAC) policies satisfy a variety of security constraints. While RBAC is widely adopted because it decouples permissions from individual users, the presence of constraints such as Separation of Duty (SOD), cardinality limits, and inheritance restrictions makes manual validation error‑prone and time‑consuming. The authors propose a formal framework that models both the RBAC policy and its constraints in first‑order logic (FOL) and then uses the general‑purpose theorem prover Prover9 to automatically check constraint satisfaction.

First, the authors define the three basic RBAC entities—users (U), roles (R), and permissions (P)—as sets and introduce the standard relations: user‑assignment UA ⊆ U×R, permission‑assignment PA ⊆ R×P, and role hierarchy RH ⊆ R×R. Each relation is represented by a binary predicate (e.g., UA(u,r), PA(r,p), RH(r1,r2)). Role hierarchy properties such as transitivity and reflexivity are encoded as axioms.

Next, the paper classifies constraints into four families based on the relationships they involve:

  1. User‑Role constraints – e.g., SOD, static separation of duty (SSD), dynamic separation of duty (DSD). These are expressed as ∀u∀r1∀r2
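The encoding sketched above (UA, PA and RH as binary predicates, hierarchy axioms, SSD as a universally quantified formula) worked through as an added Python example that is not from the paper: it serializes a small constructed policy into Prover9's input syntax and evaluates the same SSD constraint directly on the finite relations so the two can be compared. The users, roles, permissions, the policy tuples, and the auxiliary predicates RHS (the reflexive-transitive closure of RH) and Holds (roles a user holds directly or by inheritance) are assumptions of this example. One caveat a practitioner needs: to *prove* that no violation exists, Prover9 must know which tuples are absent, so each relation is emitted as a closed-world definition (an iff over the listed pairs) together with distinctness axioms for the constants; bare positive facts would leave the goal unprovable. The closure RHS is computed in Python and emitted in full for the same reason.

```python
"""Added example (not from the paper): encode an RBAC policy and a static
separation-of-duty (SSD) constraint in Prover9's input syntax, and evaluate
the same constraint directly on the finite policy."""

# Constructed sample policy (assumption, not the paper's case study).
USERS = ["alice", "bob"]
ROLES = ["clerk", "auditor", "manager"]
PERMS = ["read_ledger", "approve_payment"]
UA = {("alice", "clerk"), ("bob", "auditor"), ("bob", "manager")}
PA = {("clerk", "read_ledger"), ("auditor", "read_ledger"),
      ("manager", "approve_payment")}
RH = {("manager", "clerk")}      # RH(senior, junior): manager inherits clerk
SSD = {("clerk", "auditor")}     # clerk and auditor must never be held together


def rh_closure(rh, roles):
    """Reflexive-transitive closure RH* of the role hierarchy."""
    closed = set(rh) | {(r, r) for r in roles}
    while True:
        step = {(a, d) for (a, b) in closed for (c, d) in closed if b == c}
        if step <= closed:
            return closed
        closed |= step


def effective_roles(user, ua, rh_star):
    """Roles a user holds directly or through inheritance."""
    direct = {r for (u, r) in ua if u == user}
    return {junior for (senior, junior) in rh_star if senior in direct}


def ssd_violations(ua, rh, roles, ssd):
    """(user, r1, r2) triples where a user holds both roles of an SSD pair;
    an empty list means the policy satisfies the constraint."""
    rh_star = rh_closure(rh, roles)
    found = []
    for user in sorted({u for (u, _) in ua}):
        held = effective_roles(user, ua, rh_star)
        for (r1, r2) in sorted(ssd):
            if r1 in held and r2 in held:
                found.append((user, r1, r2))
    return found


def _definition(pred, pairs, v1, v2):
    """Closed-world definition: pred holds for exactly the listed pairs."""
    if not pairs:
        return f"  all {v1} all {v2} -{pred}({v1},{v2})."
    cases = " | ".join(f"({v1} = {a} & {v2} = {b})" for (a, b) in sorted(pairs))
    return f"  all {v1} all {v2} ({pred}({v1},{v2}) <-> ({cases}))."


def prover9_input(users, roles, perms, ua, pa, rh, ssd):
    """Prover9 input whose goal is provable iff the policy satisfies SSD.
    Variables u, x, y, z are explicitly quantified; constants never start
    with u..z, which Prover9 would otherwise read as variables."""
    rh_star = rh_closure(rh, roles)
    ssd_sym = set(ssd) | {(b, a) for (a, b) in ssd}      # SSD is symmetric
    lines = ["formulas(assumptions)."]
    # Distinct constants: without these Prover9 may identify alice with bob.
    for sort in (users, roles, perms):
        lines += [f"  {a} != {b}." for i, a in enumerate(sort) for b in sort[i + 1:]]
    lines.append(_definition("UA", ua, "u", "x"))
    lines.append(_definition("PA", pa, "x", "z"))
    lines.append(_definition("RH", rh, "x", "y"))
    lines.append(_definition("RHS", rh_star, "x", "y"))  # RH*, precomputed above
    lines.append(_definition("SSD", ssd_sym, "x", "y"))
    lines += [
        # Holds(u,y): u is assigned some role x that is senior to (or is) y.
        "  all u all y (Holds(u,y) <-> (exists x (UA(u,x) & RHS(x,y)))).",
        "end_of_list.",
        "",
        "formulas(goals).",
        # The user-role SSD constraint the summary describes.
        "  all u all x all y (Holds(u,x) & Holds(u,y) -> -SSD(x,y)).",
        "end_of_list.",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # bob inherits clerk through manager and also holds auditor: a violation.
    print(ssd_violations(UA, RH, ROLES, SSD))
    print(prover9_input(USERS, ROLES, PERMS, UA, PA, RH, SSD))
```

Feed the generated text to `prover9 -f policy.in`: with the sample policy the goal is not provable, because bob holds clerk through the manager role while also holding auditor; the companion model finder Mace4 accepts the same file and returns that assignment as a counterexample. Removing bob's manager assignment makes the goal provable, matching the direct check returning no violations.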
