The Z notation: a reference manual
The Z notation: a reference manual
Specification and Validation of a Security Policy Model
IEEE Transactions on Software Engineering
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Software Development with Z: A Practical Approach to Formal Methods in Software Engineering
Software Development with Z: A Practical Approach to Formal Methods in Software Engineering
An Overview of RoZ: A Tool for Integrating UML and Z Specifications
CAiSE '00 Proceedings of the 12th International Conference on Advanced Information Systems Engineering
Formal specification of role-based security policies for clinical information systems
Proceedings of the 2005 ACM symposium on Applied computing
Model driven security: From UML models to access control infrastructures
ACM Transactions on Software Engineering and Methodology (TOSEM)
Formal verification of security specifications with common criteria
Proceedings of the 2007 ACM symposium on Applied computing
Using Jaza to Animate RoZ Specifications of UML Class Diagrams
SEW '06 Proceedings of the 30th Annual IEEE/NASA Software Engineering Workshop
Formal Z Specifications of Several Flat Role-Based Access Control Models
SEW '06 Proceedings of the 30th Annual IEEE/NASA Software Engineering Workshop
Analyzing and Managing Role-Based Access Control Policies
IEEE Transactions on Knowledge and Data Engineering
Automated analysis of security-design models
Information and Software Technology
On Formalizing and Normalizing Role-Based Access Control Systems
The Computer Journal
Ensuring spatio-temporal access control for real-world applications
Proceedings of the 14th ACM symposium on Access control models and technologies
Comparison of formalisation approaches of UML class constructs in Z and object-Z
ZB'03 Proceedings of the 3rd international conference on Formal specification and development in Z and B
Secure Systems Development with UML
Secure Systems Development with UML
Validation of security policies by the animation of Z specifications
Proceedings of the 16th ACM symposium on Access control models and technologies
A verifiable formal specification for RBAC model with constraints of separation of duty
Inscrypt'06 Proceedings of the Second SKLOIS conference on Information Security and Cryptology
Towards a formal analysis of dynamic reconfiguration in WS-BPEL
Intelligent Decision Technologies
| Hi-index | 0.00 |
This paper is aimed at formally specifying and validating security-design models of an information system. It combines graphical languages and formal methods, integrating specification languages such as UML and an extension, SecureUML, with the Z language. The modeled system addresses both functional and security requirements of a given application. The formal functional specification is built automatically from the UML diagram, using our RoZ tool. The secure part of the model instanciates a generic security-kernel written in Z, free from applications specificity, which models the concepts of RBAC (Role-Based Access Control). The final modeling step creates a link between the functional model and the instanciated security kernel. Validation is performed by animating the model, using the Jaza tool. Our approach is demonstrated on a case-study from the health care sector where confidentiality and integrity appear as core challenges to protect medical records.