Incremental Development of RBAC-controlled E-marking System Using the B Method

Al-Hadhrami, Nasser and Aziz, Benjamin and Sardesai, Shantanu and Othmane, Lotfi Ben (2015):
Incremental Development of RBAC-controlled E-marking System Using the B Method.
In: Proc. the 10th International Conference on Availability, Reliability and Security (ARES 2015), [Conference or Workshop Item]

Abstract

Role-based Access Control (RBAC) models are access policies that associate access rights to roles of subjects on objects. The incremental development of software by adding new features and the insertion of new access rules potentially render the model inconsistent and create security flaws. This paper proposes modeling RBAC models using the B language such that it is possible to reevaluate the consistency of the models following model changes. It shows the mechanism of formalizing RBAC policies of an Electronic Marking System (EMS) using B specifications and illustrates the verification of the consistency of the RBAC specification, using model checking and proof obligations.

Item Type: Conference or Workshop Item
Published: 2015
Creators: Al-Hadhrami, Nasser and Aziz, Benjamin and Sardesai, Shantanu and Othmane, Lotfi Ben
Title: Incremental Development of RBAC-controlled E-marking System Using the B Method
Language: German
Title of Book: Proc. the 10th International Conference on Availability, Reliability and Security (ARES 2015)
Uncontrolled Keywords: Secure Software Engineering Group
Divisions: LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
20 Department of Computer Science > Databases and Distributed Systems
LOEWE > LOEWE-Zentren
20 Department of Computer Science
LOEWE
Date Deposited: 30 Dec 2016 20:23
Identification Number: TUD-CS-2015-1185