Designing a security policy for an information system is a non-trivial task. In this paper, we consider the design of a security policy based on a variant of the RBAC model, close to SecureUML. This variant includes constraints for the separation of duty, as well as contextual constraints. Contextual constraints use information about the state of the functional model of the application to grant permissions to users. These constraints add flexibility to the security policy, but make its validation more difficult. In this paper, we first review two tools, USE and SecureMOVA, which can be used to analyse and validate a security policy. These tools focus on analyses of static aspects of the secured system. We then propose a new tool, based on the Z formal language, which uses animation of the specification to validate the static as well as dynamic aspects of the security policy, taking into account possible evolutions of the state of the functional model. We discuss how the security policy and the functional application are described to the tool, and what kind of queries and animations can be performed to analyse nominal and malicious behaviours of the system.