Systematic software development using VDM (2nd ed.)
Systematic software development using VDM (2nd ed.)
Modelling systems: practical tools and techniques in software development
Modelling systems: practical tools and techniques in software development
Validated Designs For Object-oriented Systems
Validated Designs For Object-oriented Systems
Verification and change-impact analysis of access-control policies
Proceedings of the 27th international conference on Software engineering
Synthesising verified access control systems through model checking
Journal of Computer Security
Triumphs and Challenges for Model-Oriented Formal Methods: The VDM++ Experience (Abstract)
ISOLA '06 Proceedings of the Second International Symposium on Leveraging Applications of Formal Methods, Verification and Validation
Formal Modelling of Dynamic Coalitions, with an Application in Chemical Engineering
ISOLA '06 Proceedings of the Second International Symposium on Leveraging Applications of Formal Methods, Verification and Validation
Deriving specifications for systems that are connected to the physical world
Formal methods and hybrid real-time systems
Specifying and reasoning about dynamic access-control policies
IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning
On the Facilitation of Fine-Grained Access to Distributed Healthcare Data
SDM '08 Proceedings of the 5th VLDB workshop on Secure Data Management
Conformance checking of dynamic access control policies
ICFEM'11 Proceedings of the 13th international conference on Formal methods and software engineering
Formalising and validating RBAC-to-XACML translation using lightweight formal methods
ABZ'10 Proceedings of the Second international conference on Abstract State Machines, Alloy, B and Z
Formalisation and implementation of the XACML access control mechanism
ESSoS'12 Proceedings of the 4th international conference on Engineering Secure Software and Systems
Animation-based validation of a formal model of dynamic virtual organisations
FACS-FMI'07 Proceedings of the 2007th internatioanal conference on Formal Methods in Industry
Towards model-driven development of access control policies for web applications
Proceedings of the Workshop on Model-Driven Security
Science of Computer Programming
Hi-index | 0.00 |
We present a formal, tool-supported approach to the design and maintenance of access control policies expressed in the eXtensible Access Control Markup Language (XACML). Our aim is to help developers evaluate the consequences of policy decisions in complex situations where security requirements change and access decisions may depend on the external dynamic environment. The approach applies the model-oriented specification language from the Vienna Development Method (VDM++). An executable formal model of XACML access control is presented in VDM++. The use of the model to analyse and revise both policies and requirements on the environment is illustrated through an example. An approach to the practical problem of analysing access control in virtual organisations with dynamic membership and goals is proposed.