Enabling Verification and conformance testing for access control model

Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Volumn , Issue , 2008, Pages 195-204

  Hu, Hongxin ^a   Ahn, Gail Joon ^a  

^a UNIVERSITY OF NORTH CAROLINA AT CHARLOTTE   (United States)

Author keywords

Access control; Alloy; Model based testing; Model based verification; Sat solver

Indexed keywords

ACCESS CONTROL MODELS; ACCESS CONTROL SYSTEMS; AUTOMATIC ANALYSIS; CHALLENGING TASKS; CONFORMANCE TESTING; FORMAL SPECIFICATIONS; IN BUILDINGS; MANAGEMENT FRAMEWORKS; MODEL-BASED TESTING; MODEL-BASED VERIFICATION; ROLE-BASED ACCESS CONTROLS; SAT SOLVER; SECURITY PROPERTIES; SOFTWARE ASSURANCES; SYSTEM DESIGNS; TESTING CASES; TOOLSET;

CONCURRENCY CONTROL; CONTROL SYSTEM ANALYSIS; CONTROL SYSTEMS; CONTROL THEORY; SECURITY SYSTEMS; SOFTWARE TESTING; SPECIFICATIONS; VERIFICATION;

ACCESS CONTROL;

EID: 57349119890     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1377836.1377867     Document Type: Conference Paper

References (20)

1. The ArgoUML Project, http://argouml.tigris.org.
2. American National Standards Institute Inc. Role Based Access Control, ANSI-INCITS 359-2004, 2004.
3. G.-J. Ahn and H. Hu. Towards realizing a formal RBAC model in real systems. In SACMAT '07: Proceedings of the 12th ACM symposium on Access control models and technologies, pages 215-224, New York, NY, USA, 2007. ACM.
4. G.-J. Ahn and R. S. Sandhu. Role-based authorization constraints specification. ACM Trans. Inf. Syst. Secur. (TISSEC), 3(4):207-226, November 2000.
5. A. K. Bandara, E. C. Lupu, and A. Russo. Using event calculus to formalise policy specification and analysis. In POLICY '03: Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks, page 26, Washington, DC, USA, 2003. IEEE Computer Society.
6. E. M. Clarke, O. Grumberg, and D. A. Peled. Model Checking. MIT Press, 2000.
7. K. Fisler, S. Krishnamurthi, L. A. Meyerovich, and M. C. Tschantz. Verification and change-impact analysis of access-control policies. In ICSE '05: Proceedings of the 27th international conference on Software engineering, pages 196-205, New York, NY, USA, 2005. ACM.
8. J. Y. Halpern and V. Weissman. Using first-order logic to reason about policies. In 16th IEEE Computer Security Foundations Workshop (CSFW'03), pages 187-201. IEEE Computer Society, 2003.
9. D. Jackson. Alloy: a lightweight object modelling notation. ACM Trans. Softw. Eng. Methodol., 11(2):256-290, 2002.
10. D. Jackson, I. Schechter, and H. Shlyahter. Alcoa: the alloy constraint analyzer. In ICSE '00: Proceedings of the 22nd international conference on Software engineering, pages 730-733, New York, NY, USA, 2000. ACM.
11. T. Jaeger, X. Zhang, and A. Edwards. Policy management using access control spaces. ACM Trans. Inf. Syst. Secur., 6(3):327-364, 2003.
12. N. Li, J.-W. Byun, and E. Bertino. A critique of the ANSI standard on role based access control. Technical Report TR 2005-29, Purdue University, 2005.
13. E. Martin and T. Xie. A fault model and mutation testing of access control policies. In WWW '07: Proceedings of the 16th international conference on World Wide Web, pages 667-676, New York, NY, USA, 2007. ACM.
14. A. Masood, A. Ghafoor, and A. Mathur. Scalable and effective test generation for access control systems that employ RBAC policies that employ RBAC policies. SERC-TR-285, Purdue University, 2005.
15. D. G. Mitchell. A SAT Solver Primer. EATCS Bulletin (The Logic in Computer Science Column), Volume 85, February 2005, pages 112-133.
16. A. Robinson and A.Voronkov. Handbook of Automated Reasoning. MIT Press, 2001.
17. A. Schaad and J. D. Moffett. A lightweight approach to specification and analysis of role-based access control extensions. In SACMAT '02: Proceedings of the seventh A CM symposium, on Access control m,odels and technologies, pages 13-22, New York, NY, USA, 2002. ACM.
18. Y. L. Traon, T. Mouelhi, and B. Baudry. Testing security policies: Going beyond functional testing. In ISSRE '07. The 18th IEEE International Symposium, on Software Reliability.
19. J. Tretmans. A formal approach to conformance testing. In Proceedings of the IFIP TC6/WG6.1 Sixth International W'orkshop on Protocol Test systems VI, pages 257-276, Amsterdam, The Netherlands, The Netherlands, 1994. North-Holland Publishing Co.
20. M. Utting and B. Legeard. Practical Model-Based Testing: A Tools Approach. Morgan-Kaufmann, 2007.