Role-Based Access Control Models
Computer
TRBAC: a temporal role-based access control model
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Automating first-order relational logic
SIGSOFT '00/FSE-8 Proceedings of the 8th ACM SIGSOFT international symposium on Foundations of software engineering: twenty-first century applications
Securing context-aware applications using environment roles
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
A lightweight approach to specification and analysis of role-based access control extensions
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Using Alloy and UML/OCL to Specify Run-Time Configuration Management: A Case Study
Workshop of the pUML-Group held together with the «UML»2001 on Practical UML-Based Rigorous Development Methods - Countering or Integrating the eXtremists
A Context-Aware Security Architecture for Emerging Applications
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Access Control for Active Spaces
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Separation of Duty in Role-based Environments
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
MDA Explained: The Model Driven Architecture: Practice and Promise
MDA Explained: The Model Driven Architecture: Practice and Promise
Implementing access control to people location information
Proceedings of the ninth ACM symposium on Access control models and technologies
Using uml to visualize role-based access control constraints
Proceedings of the ninth ACM symposium on Access control models and technologies
A Generalized Temporal Role-Based Access Control Model
IEEE Transactions on Knowledge and Data Engineering
GEO-RBAC: a spatially aware RBAC
Proceedings of the tenth ACM symposium on Access control models and technologies
Supporting location-based conditions in access control policies
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Software Abstractions: Logic, Language, and Analysis
Software Abstractions: Logic, Language, and Analysis
Enabling verification and conformance testing for access control model
Proceedings of the 13th ACM symposium on Access control models and technologies
An aspect-oriented methodology for designing secure applications
Information and Software Technology
A spatio-temporal role-based access control model
Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security
A verifiable formal specification for RBAC model with constraints of separation of duty
Inscrypt'06 Proceedings of the Second SKLOIS conference on Information Security and Cryptology
LoT-RBAC: a location and time-based RBAC model
WISE'05 Proceedings of the 6th international conference on Web Information Systems Engineering
LRBAC: a location-aware role-based access control model
ICISS'06 Proceedings of the Second international conference on Information Systems Security
MDA and analysis of web applications
TEAA'05 Proceedings of the 31st VLDB conference on Trends in Enterprise Application Architecture
UML2Alloy: a challenging model transformation
MODELS'07 Proceedings of the 10th international conference on Model Driven Engineering Languages and Systems
Modular context-aware access control for medical sensor networks
Proceedings of the 15th ACM symposium on Access control models and technologies
Integrating GSTRBAC spatial constraints in X-GTRBAC
Proceedings of the 7th International Conference on Frontiers of Information Technology
Constructing authorization systems using assurance management framework
IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews
Validation of security policies by the animation of Z specifications
Proceedings of the 16th ACM symposium on Access control models and technologies
Combining UML, ASTD and B for the formal specification of an access control filter
Innovations in Systems and Software Engineering
Validation of security-design models using Z
ICFEM'11 Proceedings of the 13th international conference on Formal methods and software engineering
Specification and analysis of access control policies for mobile applications
Proceedings of the 18th ACM symposium on Access control models and technologies
| Hi-index | 0.00 |
Traditional access control models, such as Role-Based Access Control (RBAC), do not take into account contextual information, such as location and time, for making access decisions. Consequently, they are inadequate for specifying the access control needs of many complex real-world applications, such as the Dengue Decision Support (DDS) that we discuss in this paper. We need to ensure that such applications are adequately protected using emerging access control models. This requires us to represent the application and its access control requirements in a formal specification language. We choose the Unified Modeling Language (UML) for this purpose, since UML is becoming the defacto specification language in the software industry. We need to analyze this formal specification to get assurance that the application is adequately protected. Manual analysis is error-prone and tedious. Thus, we need automated tools for verification of UML models. Towards this end, we propose that the UML models be converted to Alloy. Alloy is based on first-order logic, has a software infrastructure that supports automated analysis, and has been used for the verification of real-world applications. We show how to convert the UML models to Alloy and verify the resulting model using the Alloy Analyzer which has embedded SAT-solvers. The results from the Alloy Analyzer will help uncover the flaws in the specification and help us refine the application and its access control requirements.