ACCESSPROV: Tracking the provenance of access control decisions

Frank Capobianco, Christian Skalka, Trent Jaeger

Research output: Contribution to conferencePaperpeer-review

5 Scopus citations


Access control protects security-sensitive operations from access by unauthorized subjects. Unfortunately, access control mechanisms are implemented manually in practice, which can lead to exploitable errors. Prior work aims to find such errors through static analysis, but the correctness of access control enforcement depends on runtime factors, such as the access control policies enforced and adversary control of the program inputs. As a result, we propose to apply provenance tracking to find flaws in access control enforcement. To do so, we track the inputs used in access control decisions to enable detection of flaws. We have developed ACCESSPROV, a Java bytecode analysis tool capable of retrofitting legacy Java applications with provenance hooks. We utilize ACCESSPROV to add provenance hooks at all locations that either may require access control enforcement or may impact access control policy decisions. We evaluate ACCESSPROV on OpenMRS, an open-source medical record system, detecting access control errors while incurring only 2.1% overhead when running the OpenMRS test suite on the instrumented OpenMRS program.

Original languageEnglish (US)
StatePublished - 2017
Event9th USENIX Workshop on the Theory and Practice of Provenance, TaPP 2017 - Seattle, United States
Duration: Jun 23 2017 → …


Conference9th USENIX Workshop on the Theory and Practice of Provenance, TaPP 2017
Country/TerritoryUnited States
Period6/23/17 → …

All Science Journal Classification (ASJC) codes

  • General Computer Science


Dive into the research topics of 'ACCESSPROV: Tracking the provenance of access control decisions'. Together they form a unique fingerprint.

Cite this