Role-Based Access Control Models
Computer
IEEE Transactions on Software Engineering - Special issue on formal methods in software practice
A decentralized model for information flow control
Proceedings of the sixteenth ACM symposium on Operating systems principles
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Reconciling role based management and role based access control
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
The role graph model and conflict of interest
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Bandera: extracting finite-state models from Java source code
Proceedings of the 22nd international conference on Software engineering
Protection in operating systems
Communications of the ACM
Practical safety in flexible access control models
ACM Transactions on Information and System Security (TISSEC)
Information flow analysis of an RBAC system
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Cryptography and data security
Cryptography and data security
A model of OASIS role-based access control and its support for active security
ACM Transactions on Information and System Security (TISSEC)
Verification support for workflow design with UML activity graphs
Proceedings of the 24th International Conference on Software Engineering
Using SPIN to Verify Security Properties of Cryptographic Protocols
Proceedings of the 9th International SPIN Workshop on Model Checking of Software
The specification of process synchronization by path expressions
Operating Systems, Proceedings of an International Symposium
Design of a Policy-Driven Middleware for Secure Distributed Collaboration
ICDCS '02 Proceedings of the 22 nd International Conference on Distributed Computing Systems (ICDCS'02)
Specification of Secure Distributed Collaboration Systems
ISADS '03 Proceedings of the The Sixth International Symposium on Autonomous Decentralized Systems (ISADS'03)
Non-Interference: Who Needs It?
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
A general theory of security properties
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Verification and change-impact analysis of access-control policies
Proceedings of the 27th international conference on Software engineering
ACM Transactions on Information and System Security (TISSEC)
An approach to evaluate policy similarity
Proceedings of the 12th ACM symposium on Access control models and technologies
Generative Programming Approach for Building Pervasive Computing Applications
SEPCASE '07 Proceedings of the 1st International Workshop on Software Engineering for Pervasive Computing Applications, Systems, and Environments
Synthesising verified access control systems through model checking
Journal of Computer Security
Middleware: just another level for orchestration
Proceedings of the 2007 Workshop on Middleware for next-generation converged networks and applications
Enforcing security properties in task-based systems
Proceedings of the 13th ACM symposium on Access control models and technologies
A Verification Framework for Temporal RBAC with Role Hierarchy (Short Paper)
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Security Analysis of Role Based Access Control Models Using Colored Petri Nets and CPNtools
Transactions on Computational Science IV
Towards formal security analysis of GTRBAC using timed automata
Proceedings of the 14th ACM symposium on Access control models and technologies
Feature-based Modelling of a Complex, Online-Reconfigurable Decision Support Service
Electronic Notes in Theoretical Computer Science (ENTCS)
Trust and privacy in attribute based access control for collaboration environments
Proceedings of the 11th International Conference on Information Integration and Web-based Applications & Services
Proceedings of the 15th ACM symposium on Access control models and technologies
Data protection models for service provisioning in the cloud
Proceedings of the 15th ACM symposium on Access control models and technologies
Privacy-preserving similarity measurement for access control policies
Proceedings of the 6th ACM workshop on Digital identity management
Towards automatic update of access control policy
LISA'10 Proceedings of the 24th international conference on Large installation system administration
Run-time agents as a means of reconciling flexibility and scalability of services
WRAC'05 Proceedings of the Second international conference on Radical Agent Concepts: innovative Concepts for Autonomic and Agent-Based Systems
Specifying and reasoning about dynamic access-control policies
IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning
Evaluating access control policies through model checking
ISC'05 Proceedings of the 8th international conference on Information Security
Policy-Driven configuration and management of agent based distributed systems
Software Engineering for Multi-Agent Systems IV
Modeling TCG-Based secure systems with colored petri nets
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
Future Generation Computer Systems
| Hi-index | 0.00 |
In this paper, we present static verification of security requirements for CSCW systems using finite-state techniques, i.e., model checking. The coordination and security constraints of CSCW systems are specified using a role based collaboration model. The verification ensures completeness and consistency of the specification given global requirements. We have developed several verification models to check security properties, such as task-flow constraints, information flow or confidentiality, and assignment of administrative privileges. The primary contribution of this paper is a methodology for verification of security requirements during designing collaboration systems.