Using timed colored petri nets and CPN-tool to model and verify TRBAC security policies

Authors:
Laïd Kahloul;Karim Djouani;Walid Tfaili
Affiliations:
LISSI Laboratory, Paris Est University, Paris, France and Biskra University, Algeria;LISSI Laboratory, Paris Est University, Paris, France and F'SATI at TUT, Pretoria South Africa;LISSI Laboratory, Paris Est University, Paris, France
Venue:
VECoS'10 Proceedings of the Fourth international conference on Verification and Evaluation of Computer and Communication Systems
Year:
2010

Citing 13
Cited 0

The NIST model for role-based access control: towards a unified standard

RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
TRBAC: A temporal role-based access control model

ACM Transactions on Information and System Security (TISSEC)
An Introduction to the Theoretical Aspects of Coloured Petri Nets

A Decade of Concurrency, Reflections and Perspectives, REX School/Symposium
Dynamic access control through Petri net workflows

ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Verifying Enterprise 's Mandatory Access Control Policies with Coloured Petri Nets

WETICE '03 Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
A Generalized Temporal Role-Based Access Control Model

IEEE Transactions on Knowledge and Data Engineering
A Role-Based Access Control Policy Verification Framework for Real-Time Systems

WORDS '05 Proceedings of the 10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems
Verification of Strict Integrity Policy via Petri Nets

ICSNC '06 Proceedings of the International Conference on Systems and Networks Communication
A Trust and Context Based Access Control Model for Distributed Systems

HPCC '08 Proceedings of the 2008 10th IEEE International Conference on High Performance Computing and Communications
Specification of SA-RBAC Policy Based on Colored Petri Net

WI-IAT '08 Proceedings of the 2008 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology - Volume 03
The Realization of RBAC Model in Office Automation System

FITME '08 Proceedings of the 2008 International Seminar on Future Information Technology and Management Engineering
Verification and Analysis of Access Control Policy with Colored Petri Net

ICCSN '09 Proceedings of the 2009 International Conference on Communication Software and Networks
Injecting a permission-based delegation model to secure web-based workflow systems

ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics

Quantified Score

Hi-index	0.00

Visualization

Abstract

Role Based Access Control (RBAC) is one of the most used models in designing and implementation of security policies in large networking systems. The classical model doesn't consider temporal aspects which are so important in such policies. Temporal RBAC (TRBAC) is proposed to deal with these aspects. Although the elegance of these models, design a security policy remains a challenge. One is obliged to prove the consistency and the correctness of the policy. Using formal verification allows proving that the designed policy is consistent. In this paper, we present a formal modelling/analysis approach for TRBAC policies. We use Timed Colored Petri Nets to model the TRBAC policy, and then CPN-tool is used to analyze the generated models. The analysis allows proving many important properties about the TRBAC security policy.