An operating system relies heavily on its security model to defend against malicious attacks. Validating the correctness of security models with formal methods during the development of secure operating systems has been an active research area for decades. However, existing work on the formal verification of security models is often too sophisticated for operating system developers, who are usually not experts in mathematical reasoning and proof. Representing a security model in UML is therefore a practical compromise that lets developers carry out verification while the system is being developed. In this paper, we propose a new method to verify a security policy model against its security goals using the model checker SPIN and the UML modeling language. Given a security policy model and a security property to be validated, our approach uses UML class diagrams to specify the state model and UML statechart diagrams to specify the state transitions. These UML diagrams, together with the security property, are then translated automatically into the input language of SPIN (Promela), and SPIN analyzes whether the security model conforms to the security goal. We demonstrate the effectiveness of the approach by checking for a confidentiality violation in the DBLP model.
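The abstract describes the pipeline (state model from class diagrams, transitions from statecharts, a property, exhaustive checking by SPIN) but not what the checker actually does or what a confidentiality violation looks like as a counterexample. The following is an added example, not code from the paper and not SPIN: it stands in for the Promela model by doing in Python what SPIN does at its core, breadth-first exploration of every reachable state of a small multilevel policy model with a safety property checked in each state and the shortest action sequence reported when the property fails. The two-level lattice, the subjects and objects, and the two policies (one with only the simple security property, one that adds the *-property) are constructed for illustration and are assumptions, not the paper's DBLP model.

```python
"""Explicit-state checking of a small multilevel security policy model.

Added example, not code from the paper or from SPIN. It mimics what SPIN does
for a Promela model: enumerate all reachable states of a finite transition
system, check a safety property in every state, and return a counterexample
trace when the property fails. Subjects, objects, levels and both policies are
constructed for this example.
"""
from collections import deque
from itertools import product

LOW, HIGH = 0, 1  # constructed two-level lattice (LOW < HIGH)

# Constructed policy model: clearance of each subject, classification of each object.
SUBJECTS = {"alice": HIGH, "bob": LOW}
OBJECTS = {"secret": HIGH, "public": LOW}


def no_read_up(subject, obj, op):
    """Policy A: only the simple security property (read needs clearance >= classification).
    Writes are unrestricted, so information can be written down."""
    if op == "read":
        return SUBJECTS[subject] >= OBJECTS[obj]
    return True


def blp(subject, obj, op):
    """Policy B: simple security property plus the *-property
    (write needs classification >= clearance)."""
    if op == "read":
        return SUBJECTS[subject] >= OBJECTS[obj]
    return OBJECTS[obj] >= SUBJECTS[subject]


def confidential(state):
    """Safety property checked in every state: no object contains information
    classified above the object's own level. (In SPIN this would be an
    assert in every step, or the LTL claim [] confidential.)"""
    _, contents = state
    return all(max(info) <= OBJECTS[o] for o, info in zip(OBJECTS, contents))


def step(state, subject, op, obj):
    """One transition. A read merges the object's contents into the subject's
    knowledge; a write merges the subject's knowledge into the object.
    Information is tracked as the set of levels it originated from."""
    knowledge, contents = state
    s, o = list(SUBJECTS).index(subject), list(OBJECTS).index(obj)
    knowledge, contents = list(knowledge), list(contents)
    if op == "read":
        knowledge[s] = knowledge[s] | contents[o]
    else:
        contents[o] = contents[o] | knowledge[s]
    return tuple(knowledge), tuple(contents)


def check(policy):
    """Breadth-first search over all states reachable under `policy`.
    Returns (True, number_of_states) if `confidential` holds everywhere,
    otherwise (False, trace) where trace is the shortest list of
    (subject, op, object) actions leading to a violating state."""
    init = (tuple(frozenset() for _ in SUBJECTS),                 # subjects know nothing
            tuple(frozenset({lvl}) for lvl in OBJECTS.values()))  # objects hold own-level data
    seen = {init: None}  # state -> (predecessor, action) used to rebuild the trace
    queue = deque([init])
    while queue:
        state = queue.popleft()
        if not confidential(state):
            trace = []
            while seen[state] is not None:
                prev, action = seen[state]
                trace.append(action)
                state = prev
            return False, trace[::-1]
        for subject, op, obj in product(SUBJECTS, ("read", "write"), OBJECTS):
            if not policy(subject, obj, op):
                continue  # action forbidden by the policy: no transition
            nxt = step(state, subject, op, obj)
            if nxt not in seen:
                seen[nxt] = (state, (subject, op, obj))
                queue.append(nxt)
    return True, len(seen)


if __name__ == "__main__":
    print("no_read_up:", check(no_read_up))  # violation with a two-step trace
    print("blp:", check(blp))                # property holds on every reachable state
```

Under policy A the checker reports the classic write-down: alice reads secret, then writes public, so public now carries HIGH information. Policy B closes that path and the exploration terminates with the property holding in every reachable state. The trace corresponds to the SPIN trail (`spin -t`) a developer would replay against the UML statechart to see which transition sequence breaks the security goal; the exhaustive search, not a test run, is what makes the absence of a trace under policy B a proof for this finite model.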