• DocumentCode
    1833580
  • Title

    Evaluating RBAC Supported Techniques and their Validation and Verification

  • Author

    Qamar, Nafees ; Ledru, Yves ; Idani, Akram

  • Author_Institution
    CNRS, UJF-Grenoble l, Grenoble, France
  • fYear
    2011
  • fDate
    22-26 Aug. 2011
  • Firstpage
    734
  • Lastpage
    739
  • Abstract
    This paper evaluates the security specification techniques that employ Role Based Access Control (RBAC) variants. RBAC offers a special kind of access control mechanism based on the use of roles to grant permissions. Its variants include role hierarchy and separation of duty (SoD) constraints. The overall management of a RBAC supported system is made through its administrative, review and supporting system functions. In this paper, a summary of semi-formal and formal techniques employing RBAC is provided along with their benefits and limitations. Here, semi-formal techniques refer to UML+OCL while formal ones are based on Alloy. This paper may guide through the process of selecting an appropriate technique to specify security rules. This is done by analyzing the degree of coverage of RBAC including some extensions like SoD and role hierarchy. We also investigate the use of validation and verification tools in these techniques. We find that formal techniques are more amenable to automated analysis as compared to semi-formal ones. Semi-formal techniques are rich in specifying RBAC variants but have prototypic tools. Session based dynamic aspects of RBAC have been partly covered in both techniques.
  • Keywords
    authorisation; formal specification; formal verification; Alloy technique; formal technique; formal validation; formal verification; role hierarchy constraint; role-based access control; security specification technique; semi-formal technique; separation-of-duty constraint; session based RBAC; Access control; Availability; Metals; Scalability; Software; Unified modeling language; RBAC; formal and semi-formal techniques; survey and analysis; verification and validation;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Availability, Reliability and Security (ARES), 2011 Sixth International Conference on
  • Conference_Location
    Vienna
  • Print_ISBN
    978-1-4577-0979-1
  • Electronic_ISBN
    978-0-7695-4485-4
  • Type

    conf

  • DOI
    10.1109/ARES.2011.112
  • Filename
    6046029