Evaluating RBAC supported techniques and their validation and verification

Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011

Volumn , Issue , 2011, Pages 734-739

  Qamar, Nafees ^a   Ledru, Yves ^a   Idani, Akram ^a  

^a GRENOBLE INSTITUTE OF TECHNOLOGY   (France)

Author keywords

Formal and semi formal techniques; RBAC; Survey and analysis; Verification and validation

Indexed keywords

ACCESS CONTROL MECHANISM; APPROPRIATE TECHNIQUES; AUTOMATED ANALYSIS; DEGREE OF COVERAGES; DYNAMIC ASPECTS; FORMAL AND SEMI-FORMAL TECHNIQUES; FORMAL TECHNIQUES; RBAC; ROLE HIERARCHY; ROLE-BASED ACCESS CONTROL; SECURITY RULES; SEPARATION OF DUTY; SPECIFICATION TECHNIQUE; SUPPORTING SYSTEMS; VALIDATION AND VERIFICATION; VERIFICATION AND VALIDATION;

SECURITY SYSTEMS;

ACCESS CONTROL;

EID: 80455173451     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2011.112     Document Type: Conference Paper

References (29)

1. S. Martin, "The Best of Both Worlds Integrating UML with Z for Software Specifications," Journal of Computing and Control Engineering, vol. 14, pp. 8-11, (2003).
2. J. Jürjens, "UMLsec: Extending UML for Secure Systems Development," in Proceedings of the Unified Modeling Language: 5th International Conference (UML'02). Springer, 2002, pp. 412-425.
3. D. A. Basin, M. Clavel, J. Doser, and M. Egea, "Automated Analysis of Security Design Models," Information and Software Technology, Special issue on Model Based Development for Secure Information Systems, Elsevier, vol. 51, Issue 5, 2009.
4. M. Gogolla, F. Büttner, and M. Richters, "USE: A UMLbased specification environment for validating UML and OCL," Sci. Comput. Program., vol. 69, no. 1-3, pp. 27-34, 2007. (Pubitemid 350087238)
5. "Object Management Group, UML 2.0 OCL specification, OMG document available at http://www.omg.org/spec/ocl/2.0/," 2003.
6. L. Yu, R. France, I. Ray, and S. Ghosh, "A rigorous approach to uncovering security policy violations in UML designs," in Proceedings of the International Conference on Engineering Complex Computer Systems (ICECCS'09). IEEE, 2009.
7. D. Basin, J. Doser, and T. Lodderstedt, "Model Driven Security: From UML Models to Access Control Infrastructures," Proceedings of the ACM Transactions on Software Engineering and Methodology (TOSEM'06), vol. 15, no. 1, pp. 39-91, 2006. (Pubitemid 43947939)
8. D. Kim, I. Ray, R. B. France, and N. Li, "Modeling Rolebased Access Control Using Parameterized UML Models," in Proceedings of the Fundamental Approaches to Software Engineering (FASE'04). LNCS 2984, Springer, 2004, pp. 180-193.
9. G. Ahn and H. Hu, "Towards realizing a formal RBAC model in real systems," in Proceedings of the 12th ACM symposium on Access control models and technologies (SACMAT'07). ACM Press, 2007.
10. L. Yu, R. B. France, and I. Ray, "Scenario-based static analysis of UML class models," in MoDELS. LNCS, Vol. 5301, 2008, pp. 234-248.
11. H. Hu and G.-J. Ahn, "Enabling verification and conformance testing for access control model," in SACMAT. ACM Press, 2008, pp. 195-204.
12. A. Schaad and J. D. Moffett, "A lightweight approach to specification and analysis of role-based access control extensions," in Proc. of 7th SACMAT. ACM Press, 2002, pp. 13-22.
13. J. Zao, H. Wee, J. Chu, and D. Jackson, "RBAC schema verification using lightweight formal model and constraint analysis," in Proceedings of 8th ACM symposium on Access Control Models and Technologies (SACMAT'03), 2003.
14. J. M. Spivey, "The Z Notation: A reference manual (2nd ed.)." Prentice Hall, 1992.
15. D. Jackson, "Alloy: A Lightweight Object Modelling Notation," ACM Trans. Softw. Eng. Methodol., vol. 11, no. 2, pp. 256-290, 2002. (Pubitemid 44159313)
16. D. F. Ferraiolo, R. S. Sandhu, S. I. Gavrila, D. R. Kuhn, and R. Chandramouli, "Proposed NIST standard for Role-based Access Control," in ACM Transactions on Information and System Security (TISSEC'-01), 2001, pp. 224-274.
17. Ç. Cirit and F. Buzluca, "A UML profile for role-based access control," in 2nd International Conference on Security of Information and Networks (SIN. ACM, 2009, pp. 83-92.
18. K. Sohr, G.-J. Ahn, M. Gogolla, and L. Migge, "Specification and validation of authorisation constraints using UML and OCL," in ESORICS'05, ser. LNCS, vol. 3679. Springer, 2005.
19. I. Ray, N. Li, and R. France, "Using UML to visualize rolebased access-control constraints," in Proceedings of the 9th ACM symposium on Access control models and technologies (SACMAT'04). ACM Press, 2004, pp. 115-124.
20. K. Alghathbar, "Validating the enforcement of access control policies and separation of duty principle in requirement engineering," Information & Software Technology, vol. 49, no. 2, pp. 142-157, 2007. (Pubitemid 44765201)
21. M. E. Shin and G.-J. Ahn, "UML-based representation of role-based access control," in IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE'00), 2000, pp. 195-200.
22. G.-J. Ahn and M. E. Shin, "Role-based authorization constraints specification using object constraint language," in IEEE 10th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE'01), 2001, pp. 157-162.
23. C. Yuan, Y. He, J. He, and Z. Zhou, "A verifiable formal specification for RBAC model with constraints of separation of duty," in Inscrypt. LCNS 4318, Springer, 2006, pp. 196- 210. (Pubitemid 46030733)
24. D. Power and M. Slaymaker and A. Simpson, "On the modelling and analysis of Amazon Web Services access policies," in Proceedings of Abstract State Machines, Alloy, B and Z (ABZ 2010). Springer-Verlag LNCS, volume 5977, 2010, p. 394.
25. M. Vaziri and D. Jackson, "Some shortcomings of OCL, the object constraint language of UML," in TOOLS (34). IEEE, 2000, pp. 555-562.
26. K. Anastasakis, B. Bordbar, G. Georg, and I. Ray, "On challenges of model transformation from UML to Alloy," Software and System Modeling, vol. 9, no. 1, pp. 69-86, 2010.
27. C. Talhi, D. Mouheb, V. Lima, M. Debbabi, L. Wang, and M. Pourzandi, "Usability of security specification approaches for UML design: A survey," Journal of Object Technology, vol. 8, no. 6, pp. 102-122, 2009.
28. M. Drouineaud, K. Sohr, and C. Alm, "Validation of rbac policies on classifying validation methods," ORKA Organisational Control Architecture, Tech. Rep., 2006.
29. "The Alloy Analyzer Quick Guide." [Online]. Available: http://alloy.mit.edu/alloy4/quickguide/index.html