A Model-Driven Approach for the Specification and Analysis of Access Control Policies
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
Proceedings of the 15th ACM symposium on Access control models and technologies
Model checking of location and mobility related security policy specifications in ambient calculus
MMM-ACNS'10 Proceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security
SecurOntology: A semantic web access control framework
Computer Standards & Interfaces
Towards automatic update of access control policy
LISA'10 Proceedings of the 24th international conference on Large installation system administration
Modeling process-related RBAC models with extended UML activity models
Information and Software Technology
Validation of security policies by the animation of Z specifications
Proceedings of the 16th ACM symposium on Access control models and technologies
Automatic error finding in access-control policies
Proceedings of the 18th ACM conference on Computer and communications security
Validation of security-design models using Z
ICFEM'11 Proceedings of the 13th international conference on Formal methods and software engineering
Comprehensive two-level analysis of role-based delegation and revocation policies with UML and OCL
Information and Software Technology
Mohawk: Abstraction-Refinement and Bound-Estimation for Verifying Access Control Policies
ACM Transactions on Information and System Security (TISSEC)
Attribute-based fine-grained access control with efficient revocation in cloud storage systems
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
| Hi-index | 0.00 |
Today more and more security-relevant data is stored on computer systems; security-critical business processes are mapped to their digital counterparts. This situation applies to various domains such as health care industry, digital government, and financial service institutes requiring that different security requirements must be fulfilled. Authorisation constraints can help the policy architect design and express higher-level organisational rules. Although the importance of authorisation constraints has been addressed in the literature, there does not exist a systematic way to verify and validate authorisation constraints. In this paper, we specify both non-temporal and history-based authorisation constraints in the Object Constraint Language (OCL) and first-order linear temporal logic (LTL). Based upon these specifications, we attempt to formally verify role-based access control policies with the help of a theorem prover and to validate policies with the USE system, a validation tool for OCL constraints. We also describe an authorisation engine, which supports the enforcement of authorisation constraints.