A Role-Based Access Control Policy Verification Framework for Real-Time Systems

Authors:
Basit Shafiq;Ammar Masood;James Joshi;Arif Ghafoor
Affiliations:
Purdue University;Purdue University;Univ. of Pittsburgh;Purdue University
Venue:
WORDS '05 Proceedings of the 10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems
Year:
2005

Citing 0
Cited 11

A Verification Framework for Temporal RBAC with Role Hierarchy (Short Paper)

ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Access Control Management for SCADA Systems

IEICE - Transactions on Information and Systems
Security Analysis of Role Based Access Control Models Using Colored Petri Nets and CPNtools

Transactions on Computational Science IV
Towards formal security analysis of GTRBAC using timed automata

Proceedings of the 14th ACM symposium on Access control models and technologies
Component-based security policy design with colored Petri nets

Semantics and algebraic specification
A verifiable formal specification for RBAC model with constraints of separation of duty

Inscrypt'06 Proceedings of the Second SKLOIS conference on Information Security and Cryptology
Using timed colored petri nets and CPN-tool to model and verify TRBAC security policies

VECoS'10 Proceedings of the Fourth international conference on Verification and Evaluation of Computer and Communication Systems
Secure interoperation design in multi-domains environments based on colored Petri nets

Information Sciences: an International Journal
Automatic information flow analysis of business process models

BPM'12 Proceedings of the 10th international conference on Business Process Management
Specification and analysis of access control policies for mobile applications

Proceedings of the 18th ACM symposium on Access control models and technologies
Enforcing spatio-temporal access control in mobile applications

Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents a framework for verifying the access control requirements of real-time application systems such as workflow management systems and active databases. The temporal and event-based semantics of these applications can be expressed using event-driven Role Based Access Control (RBAC) model. Any comprehensive access control model such as RBAC requires verification and validation mechanisms to ensure the consistency of access control specification. An inconsistent access control specification exposes the underlying system to numerous vulnerabilities and security risks. In this paper, we propose a Petri-Net based framework for verifying the correctness of event-driven RBAC policies.