TU Darmstadt / ULB / TUbiblio

Incremental Development of RBAC-controlled E-marking System Using the B Method

Al-Hadhrami, Nasser ; Aziz, Benjamin ; Sardesai, Shantanu ; Othmane, Lotfi Ben (2015)
Incremental Development of RBAC-controlled E-marking System Using the B Method.
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

Role-based Access Control (RBAC) models are access policies that associate access rights to roles of subjects on objects. The incremental development of software by adding new features and the insertion of new access rules potentially render the model inconsistent and create security flaws. This paper proposes modeling (RBAC) models using the B language such that it is possible to reevaluate the consistency of the models following model changes. It shows the mechanism of formalizing (RBAC) policies of an Electronic Marking System (EMS) using B specifications and illustrates the verification of the consistency of the (RBAC) specification, using model checking and proof obligations.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2015
Autor(en): Al-Hadhrami, Nasser ; Aziz, Benjamin ; Sardesai, Shantanu ; Othmane, Lotfi Ben
Art des Eintrags: Bibliographie
Titel: Incremental Development of RBAC-controlled E-marking System Using the B Method
Sprache: Deutsch
Publikationsjahr: August 2015
Buchtitel: Proc. the 10th International Conference on Availability, Reliability and Security (ARES 2015)
Kurzbeschreibung (Abstract):

Role-based Access Control (RBAC) models are access policies that associate access rights to roles of subjects on objects. The incremental development of software by adding new features and the insertion of new access rules potentially render the model inconsistent and create security flaws. This paper proposes modeling (RBAC) models using the B language such that it is possible to reevaluate the consistency of the models following model changes. It shows the mechanism of formalizing (RBAC) policies of an Electronic Marking System (EMS) using B specifications and illustrates the verification of the consistency of the (RBAC) specification, using model checking and proof obligations.

Freie Schlagworte: Secure Software Engineering Group
ID-Nummer: TUD-CS-2015-1185
Fachbereich(e)/-gebiet(e): LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
20 Fachbereich Informatik > Datenbanken und Verteilte Systeme
LOEWE > LOEWE-Zentren
20 Fachbereich Informatik
LOEWE
Hinterlegungsdatum: 30 Dez 2016 20:23
Letzte Änderung: 17 Mai 2018 13:02
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen