Verification and testing are important steps for software assurance. However, these crucial yet challenging tasks have not been widely adopted in building access control systems. In this paper we propose a methodology to support automatic analysis and conformance testing for access control systems, integrating those features into the Assurance Management Framework (AMF). Our methodology attempts to verify formal specifications of a role-based access control model and corresponding policies against selected security properties. We also systematically articulate test cases from the formal specifications and use those cases to validate conformance to the system design and implementation. In addition, we demonstrate the feasibility and effectiveness of our methodology using SAT and the Alloy toolset.