A Verification Framework for Temporal RBAC with Role Hierarchy (Short Paper)
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Access Control Management for SCADA Systems
IEICE - Transactions on Information and Systems
Security Analysis of Role Based Access Control Models Using Colored Petri Nets and CPNtools
Transactions on Computational Science IV
Towards formal security analysis of GTRBAC using timed automata
Proceedings of the 14th ACM symposium on Access control models and technologies
Component-based security policy design with colored Petri nets
Semantics and algebraic specification
A verifiable formal specification for RBAC model with constraints of separation of duty
Inscrypt'06 Proceedings of the Second SKLOIS conference on Information Security and Cryptology
Using timed colored petri nets and CPN-tool to model and verify TRBAC security policies
VECoS'10 Proceedings of the Fourth international conference on Verification and Evaluation of Computer and Communication Systems
Secure interoperation design in multi-domains environments based on colored Petri nets
Information Sciences: an International Journal
Automatic information flow analysis of business process models
BPM'12 Proceedings of the 10th international conference on Business Process Management
Specification and analysis of access control policies for mobile applications
Proceedings of the 18th ACM symposium on Access control models and technologies
Hi-index | 0.00 |
This paper presents a framework for verifying the access control requirements of real-time application systems such as workflow management systems and active databases. The temporal and event-based semantics of these applications can be expressed using event-driven Role Based Access Control (RBAC) model. Any comprehensive access control model such as RBAC requires verification and validation mechanisms to ensure the consistency of access control specification. An inconsistent access control specification exposes the underlying system to numerous vulnerabilities and security risks. In this paper, we propose a Petri-Net based framework for verifying the correctness of event-driven RBAC policies.