Statecharts: A visual formalism for complex systems
Science of Computer Programming
Informal and Formal Requirements Specification Languages: Bridging the Gap
IEEE Transactions on Software Engineering
Role-Based Access Control Models
Computer
The B-book: assigning programs to meanings
The B-book: assigning programs to meanings
SecureUML: A UML-Based Modeling Language for Model-Driven Security
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
UMLsec: Extending UML for Secure Systems Development
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
An Overview of a Method and its Support Tool for Generating B Specifications from UML Notations
ASE '00 Proceedings of the 15th IEEE international conference on Automated software engineering
Organization based access control
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Role-Based Access Control
Modelling Contexts in the Or-BAC Model
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
UML-B: Formal modeling and design aided by UML
ACM Transactions on Software Engineering and Methodology (TOSEM)
ProB: an automated analysis toolset for the B method
International Journal on Software Tools for Technology Transfer (STTT)
Ensuring spatio-temporal access control for real-world applications
Proceedings of the 14th ACM symposium on Access control models and technologies
Systematic translation rules from ASTD to event-B
IFM'10 Proceedings of the 8th international conference on Integrated formal methods
A proof-based approach to verifying reachability properties
Proceedings of the 2011 ACM Symposium on Applied Computing
Proving Reachability in B using Substitution Refinement
Electronic Notes in Theoretical Computer Science (ENTCS)
Model-Driven security policy deployment: property oriented approach
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Enforcing ASTD Access-Control Policies with WS-BPEL Processes in SOA Environments
International Journal of Systems and Service-Oriented Engineering
A metamodel of the b modeling of access-control policies: work in progress
FPS'11 Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of Security
ACM SIGSOFT Software Engineering Notes
| Hi-index | 0.00 |
Combination of formal and semi-formal methods is more and more required to produce specifications that can be, on the one hand, understood and thus validated by both designers and users and, on the other hand, precise enough to be verified by formal methods. This motivates our aim to use these complementary paradigms in order to deal with security aspects of information systems. This paper presents a methodology to specify access control policies starting with a set of graphical diagrams: UML for the functional model, SecureUML for static access control and ASTD for dynamic access control. These diagrams are then translated into a set of B machines. Finally, we present the formal specification of an access control filter that coordinates the different kinds of access control rules and the specification of functional operations. The goal of such B specifications is to rigorously check the access control policy of an information system taking advantage of tools from the B method.