Title :
A role-based access control policy verification framework for real-time systems
Author :
Shafiq, Basit ; Masood, Ammar ; Joshi, James ; Ghafoor, Arif
Author_Institution :
Purdue Univ., West Lafayette, IN, USA
Abstract :
This paper presents a framework for verifying the access control requirements of real-time application systems such as workflow management systems and active databases. The temporal and event-based semantics of these applications can be expressed using event-driven role based access control (RBAC) model. Any comprehensive access control model such as RBAC requires verification and validation mechanisms to ensure the consistency of access control specification. An inconsistent access control specification exposes the underlying system to numerous vulnerabilities and security risks. In this paper, we propose a Petri-net based framework for verifying the correctness of event-driven RBAC policies.
Keywords :
Petri nets; authorisation; formal specification; formal verification; real-time systems; Petri nets; RBAC model; access control specification; authorisation; event-based semantics; event-driven role based access control model; formal specification; formal verification; real-time application systems; temporal semantics; Access control; Conferences; Databases; Internet; Object oriented modeling; Permission; Real time systems; Safety; Security; Workflow management software;
Conference_Titel :
Object-Oriented Real-Time Dependable Systems, 2005. WORDS 2005. 10th IEEE International Workshop on
Print_ISBN :
0-7695-2347-1
DOI :
10.1109/WORDS.2005.11
