Context: Formal methods are very useful in the software industry and are becoming of paramount importance in practical engineering techniques. They involve the design and modeling of various system aspects, usually expressed through different paradigms. These differing formalisms make verification of the overall system more difficult.

Objective: In this paper, we propose to combine two modeling formalisms in order to express both the functional and the timed security requirements of a system, so that all requirements are expressed in a single formalism.

Method: First, the system behavior is specified according to its functional requirements using the Timed Extended Finite State Machine (TEFSM) formalism. Second, this model is augmented by applying a set of dedicated algorithms that integrate timed security requirements specified in the Nomad language. Nomad is suited to expressing security properties such as permissions, prohibitions and obligations with time constraints.

Results: The proposed algorithms produce a global TEFSM specification of the system that includes both its functional and its timed security requirements.

Conclusion: It is concluded that several requirement aspects described in different formalisms can be merged into a global specification that can be used for several purposes, such as code generation, proof of specification correctness, model checking or automatic test generation. In this paper, we applied our approach to a France Telecom Travel service to demonstrate its scalability and feasibility.