The 6th International Workshop on Software Engineering for Secure Systems (SESS'10)
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 2
Employing flexible access control mechanisms, formally specifying and correctly implementing the relevant security properties, and ensuring that the implementation satisfies its formal specification are some of the important steps towards achieving higher-level, organization-wide access control that preserves the characteristics of software quality. In the access control arena, role-based access control (RBAC) has emerged as a powerful model for laying out and developing higher-level organizational rules such as separation of duty, and for simplifying the access management process. One of the important aspects of RBAC is its authorization constraints, which allow one to express such organizational rules. On the other hand, the Java Modeling Language (JML) has evolved into a flexible formal behavioral interface specification language that can be used as a Design by Contract (DBC) approach for developing software written in Java. In this paper, we adopt JML as a DBC approach to implement a prototype of a role-based authorization engine. We specifically focus on how JML can be used effectively to precisely specify the functional behavior of the authorization engine, including various constraints such as authorization constraints and integrity constraints. We employ a few JML tools to verify the correctness of the implementation of the authorization engine against its JML specification.