Ensuring spatio-temporal access control for real-world applications

Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Volumn , Issue , 2009, Pages 13-22

  Toahchoodee, Manachai ^a   Ray, Indrakshi ^a   Anastasakis, Kyriakos ^b   Georg, Geri ^a   Bordbar, Behzad ^b  

^a Integrative Neuroscience Program   (United States)

^b UNIVERSITY OF BIRMINGHAM   (United Kingdom)

Author keywords

Alloy; Modeling; Spatio temporal RBAC; UML

Indexed keywords

ACCESS CONTROL MODELS; ACCESS DECISION; ALLOY ANALYZERS; AUTOMATED ANALYSIS; AUTOMATED TOOLS; CONTEXTUAL INFORMATION; DECISION SUPPORTS; ERROR PRONES; FIRST ORDER LOGIC; FORMAL SPECIFICATION; FORMAL SPECIFICATION LANGUAGE; MANUAL ANALYSIS; MODELING; REAL-WORLD APPLICATION; ROLE-BASED ACCESS CONTROL; SOFTWARE INDUSTRY; SOFTWARE INFRASTRUCTURE; SPATIO-TEMPORAL; UML MODEL;

ALLOYS; COMPUTER SOFTWARE; DECISION SUPPORT SYSTEMS; FORMAL LOGIC; LINGUISTICS; SECURITY SYSTEMS; SPECIFICATIONS; UNIFIED MODELING LANGUAGE; VERIFICATION;

ACCESS CONTROL;

EID: 70450235110     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1542207.1542212     Document Type: Conference Paper

References (43)

1. K. Anastasakis, B. Bordbar, G. Georg, and I. Ray. On Challenges of Model Transformation from UML to Alloy. Journal on Software & System Modeling, 2009. To appear.
2. Kyriakos Anastasakis, Behzad Bordbar, Geri Georg, and Indrakshi Ray. UML2Alloy: A Challenging Model Transformation. In Proceedings of the ACM/IEEE 10th International Conference on Model Driven Engineering Languages and Systems, pages 436-450, Nashville, TN, USA, October 2007.
3. Claudio A. Ardagna, Marco Cremonini, Ernesto Damiani, Sabrina De Capitani di Vimercati, and Pierangela Samarati. Supporting location-based conditions in access control policies. In Proceedings of the ACM Symposium on Information, Computer and Communications Security, pages 212-222, Taipei, Taiwan, March 2006.
4. Elisa Bertino, Piero Andrea Bonatti, and Elena Ferrari. TRBAC: a temporal role-based access control model. In Proceedings of the 5th ACM Workshop on Role-Based Access Control, pages 21-30, Berlin, Germany, July 2000.
5. Elisa Bertino, Barbara Catania, Maria Luisa Damiani, and Paolo Perlasca. GEO-RBAC: a spatially aware RBAC. In Proceedings of the 10th ACM Symposium on Access Control Models and Technologies, pages 29-37, Stockholm, Sweden, June 2005.
6. Behzad Bordbar and Kyriakos Anastasakis. MDA and Analysis of Web Applications. In Trends in Enterprise Application Architecture, volume 3888 of Lecture notes in Computer Science, pages 44-55, Trondheim, Norway, August 2005.
7. Behzad Bordbar and Kyriakos Anastasakis. UML2ALLOY: A tool for lightweight modelling of discrete event systems. In Proceedings of the IADIS International Conference on Applied Computing, pages 209-216, Algarve, Portugal, February 2005.
8. Suroop Mohan Chandran and James B. D. Joshi. LoT-RBAC: A Location and Time-Based RBAC Model. In Proceedings of the 6th International Conference on Web Information Systems Engineering, pages 361-375, New York, NY, USA, November 2005.
9. Michael J. Covington, Prahlad Fogla, Zhiyuan Zhan, and Mustaque Ahamad. A Context-Aware Security Architecture for Emerging Applications. In Proceedings of the Annual Computer Security Applications Conference, pages 249-260, Las Vegas, NV, USA, December 2002.
10. Michael J. Covington, Wende Long, Srividhya Srinivasan, Anind Dey, Mustaque Ahamad, and Gregory Abowd. Securing Context-Aware Applications Using Environment Roles. In Proceedings of the 6th ACM Symposium on Access Control Models and Technologies, pages 10-20, Chantilly, VA, USA, May 2001.
11. David F. Ferraiolo, Ravi S. Sandhu, Serban I. Gavrila, D. Richard Kuhn, and Ramaswamy Chandramouli. Proposed NIST Standard for Role-Based Access Control. ACM Transactions on Information and Systems Security, 4(3):224-274, August 2001.
12. G. Georg, I. Ray, K. Anastasakis, B. Bordbar, M. Toahchoodee, and S. H. Houmb. An Aspect-oriented Methodology for Designing Secure Applications. Information and Software Technology, Special Issue on Model-Driven Development for Secure Information Systems, 51(5):846-864, May 2009.
13. Geri Georg, James Bieman, and Robert B. France. Using Alloy and UML/OCL to Specify Run-Time Configuration Management: A Case Study. In Andy Evans, Robert France, Ana Moreira, and Bernhard Rumpe, editors, Practical UML-Based Rigorous Development Methods - Countering or Integrating the eXtremists., volume P-7 of LNI, pages 128-141, 2001.
14. Urs Hengartner and Peter Steenkiste. Implementing Access Control to People Location Information. In Proceedings of the 9th ACM Symposium on Access Control Models and Technologies, pages 11-20, Yorktown Heights, NY, USA, June 2004.
15. Hongxin Hu and GailJoon Ahn. Enabling verification and conformance testing for access control model. In Proceedings of the 13th ACM Symposium on Access control Models and Technologies, pages 195-204, Estes Park, CO, USA, June 2008.
16. Daniel Jackson. Automating first-order relational logic. In Proceedings of the 8th ACM SIGSOFT international symposium on Foundations of Software Engineering, pages 130-139, San Diego, CA, USA, November 2000.
17. Daniel Jackson. Micromodels of Software: Lightweight Modelling and Analysis with Alloy. At http://alloy.mit.edu/alloy2website/reference-manual. pdf, 2002.
18. Daniel Jackson. Alloy 3.0 reference manual. At http://alloy.mit.edu/reference-manual.pdf, 2004.
19. Daniel Jackson. Software Abstractions: Logic, Language, and Analysis. MIT Press, 2006.
20. Daniel Jackson. Software Abstractions: Logic, Language, and Analysis. The MIT Press, London, England, 2006.
21. James B.D. Joshi, Elisa Bertino, Usman Latif, and Arif Ghafoor. A Generalized Temporal Role-Based Access Control Model. IEEE Transactions on Knowledge and Data Engineering, 17(1):4-23, January 2005.
22. Anneke G. Kleppe, Jos Warmer, and Wim Bast. MDA Explained: The Model Driven Architecture: Practice and Promise. Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA, 2003.
23. Ulf Leonhardt and Jeff Magee. Security Consideration for a Distributed Location Service. Imperial College of Science, Technology and Medicine, London, UK, 1997.
24. OMG. MOF Core v. 2.0. Document Id: formal/06-01-01. http://www.omg.org.
25. OMG. OCL Version 2.0. Document id: formal/06-05-01. http://www.omg.org.
26. OMG. UML: Superstructure. Version 2.0. Document id: formal/05-07-04. http://www.omg.org.
27. OMG. Unified Modeling Language: Superstructure Version 2.1.2 Formal/07/11/02. At http://www.omg.org/docs/formal/07-11-02.pdf., 2002.
28. Indrakshi Ray and Mahendra Kumar. Towards a Location-Based Mandatory Access Control Model. Computers & Security, 25(1), February 2006.
29. Indrakshi Ray, Mahendra Kumar, and Lijun Yu. LRBAC: A Location-Aware Role-Based Access Control Model. In Proceedings of the 2nd International Conference on Information Systems Security, pages 147-161, Kolkata, India, December 2006.
30. Indrakshi Ray, Na Li, Robert France, and Dae-Kyoo Kim. Using UML to Visualize Role-Based Access Control Constraints. In Proceedings of the 9th ACM symposium on Access Control Models and Technologies, pages 115-124, Yorktown Heights, NY, USA, June 2004.
31. Indrakshi Ray and Manachai Toahchoodee. A Spatio-temporal Role-Based Access Control Model. In Proceedings of the 21st Annual IFIP WG 11.3 Working Conference on Data and Applications Security, pages 211-226, Redondo Beach, CA, July 2007.
32. Indrakshi Ray and Manachai Toahchoodee. A Spatio-Temporal Access Control Model Supporting Delegation for Pervasive Computing Applications. In Proceedings of the 5th International Conference on Trust, Privacy & Security in Digital Business, pages 48-58, Turin, Italy, September 2008.
33. Mark Richters. A Precise Approach to Validating UML Models and OCL Constraints. PhD thesis, Universitaet Bremen, 2002. Logos Verlag, Berlin, BISS Monographs, No. 14.
34. Geetanjali Sampemane, Prasad Naldurg, and Roy H. Campbell. Access Control for Active Spaces. In Proceedings of the Annual Computer Security Applications Conference, pages 343-352, Las Vegas, NV, USA, December 2002.
35. Arjmand Samuel, Arif Ghafoor, and Elisa Bertino. A Framework for Specification and Verification of Generalized Spatio-Temporal Role Based Access Control Model. Technical report, Purdue University, February 2007. CERIAS TR 2007-08.
36. Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, and Charles E. Youman. Role-based access control models. IEEE Computer, 29(2):38-47, February 1996.
37. Andreas Schaad and Jonathan D. Moffett. A Lightweight Approach to Specification and Analysis of Role-Based Access Control Extensions. In Proceedings of the 7th ACM Symposium on Access Control Models and Technologies, pages 13-22, Monterey, CA, USA, June 2002.
38. Richard Simon and Mary Ellen Zurko. Separation of Duty in Role-based Environments. In Proceedings of the 10th Computer Security Foundations Workshop, pages 183-194, Rockport, MA, USA, June 1997.
39. Mana Taghdiri and Daniel Jackson. A lightweight formal analysis of a multicast key management scheme. In Fo r m a l Techniques for Networked and Distributed Systems - FORTE 2003, volume 2767 of Lecture Notes in Computer Science, pages 240-256, 2003.
40. Manachai Toahchoodee and Indrakshi Ray. On the Formal Analysis of a Spatio-Temporal Role-Based Access Control Model. In Proceedings of the 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security, pages 17-32, London, U.K., July 2008.
41. Manachai Toahchoodee and Indrakshi Ray. Using Alloy to Analyze a Spatio-Temporal Access Control Model Supporting Delegation. IET Information Security, 2009. To appear.
42. Chunyang Yuan, Yeping He, Jianbo He, and Zhouyi Zhou. A Verifiable Formal Specification for RBAC Model with Constraints of Separation of Duty. In Proceedings of the 2nd SKLOIS Conference on Information Security and Cryptology, pages 196-210, Beijing, China, November 2006.
43. John Zao, Hoetech Wee, Jonathan Chu, and Daniel Jackson. RBAC Schema Verification Using Lightweight Formal Model and Constraint Analysis. At http://alloy.mit.edu/publications.php, 2002.