Al-Hadhrami, Nasser ; Aziz, Benjamin ; Sardesai, Shantanu ; Othmane, Lotfi Ben (2015)
Incremental Development of RBAC-controlled E-marking System Using the B Method.
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
Role-based Access Control (RBAC) models are access policies that associate access rights to roles of subjects on objects. The incremental development of software by adding new features and the insertion of new access rules potentially render the model inconsistent and create security flaws. This paper proposes modeling (RBAC) models using the B language such that it is possible to reevaluate the consistency of the models following model changes. It shows the mechanism of formalizing (RBAC) policies of an Electronic Marking System (EMS) using B specifications and illustrates the verification of the consistency of the (RBAC) specification, using model checking and proof obligations.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2015 |
| Autor(en): | Al-Hadhrami, Nasser ; Aziz, Benjamin ; Sardesai, Shantanu ; Othmane, Lotfi Ben |
| Art des Eintrags: | Bibliographie |
| Titel: | Incremental Development of RBAC-controlled E-marking System Using the B Method |
| Sprache: | Deutsch |
| Publikationsjahr: | August 2015 |
| Buchtitel: | Proc. the 10th International Conference on Availability, Reliability and Security (ARES 2015) |
| Kurzbeschreibung (Abstract): | Role-based Access Control (RBAC) models are access policies that associate access rights to roles of subjects on objects. The incremental development of software by adding new features and the insertion of new access rules potentially render the model inconsistent and create security flaws. This paper proposes modeling (RBAC) models using the B language such that it is possible to reevaluate the consistency of the models following model changes. It shows the mechanism of formalizing (RBAC) policies of an Electronic Marking System (EMS) using B specifications and illustrates the verification of the consistency of the (RBAC) specification, using model checking and proof obligations. |
| Freie Schlagworte: | Secure Software Engineering Group |
| ID-Nummer: | TUD-CS-2015-1185 |
| Fachbereich(e)/-gebiet(e): | LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt 20 Fachbereich Informatik > Datenbanken und Verteilte Systeme LOEWE > LOEWE-Zentren 20 Fachbereich Informatik LOEWE |
| Hinterlegungsdatum: | 30 Dez 2016 20:23 |
| Letzte Änderung: | 17 Mai 2018 13:02 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum