Access control policies are a crucial aspect of many security-critical software systems. It is generally accepted that the construction of access control policies is not a straightforward task. Further, any mistakes in the process have the potential to give rise both to security risks, due to the provision of inappropriate access, and to frustration on the part of legitimate end-users when they are prevented from performing essential tasks. In this paper we describe a tool for constructing role-based access control (RBAC) policies, which are automatically checked for conformance with constraints described using predicate logic. These constraints may represent general healthiness conditions that should hold of all policies conforming to a general model, or capture requirements pertaining to a particular deployment.