Title :
A Light-Weight Formal Approach for Modeling, Verifying and Integrating Role-Based Access Control Requirements
Author_Institution :
Riphah Int. Univ., Pakistan
Abstract :
As the complexity of access control requirements is increasing to protect valuable organizational data the value of correct specification and integration of access rights into the system specification has also increased. Role-based access control (RBAC) facilitates specification of access control requirements in a flexible manner. However, various available models do not always support effective integration of the requirements into rest of the system specification. Furthermore, automated verification of RBAC model poses the challenge of state-explosion. In this paper we propose a light-weight formal method for model-checking of RBAC specification. We use BT-RBAC model to specify access control requirements. The model is based on a graphical notation with formal semantics and supports a requirements translation process, strong traceability of requirements, and uses a single notation to support effective integration of the model. The automated translation into SAL specification input language is used to formally verify the correctness of the model.
Keywords :
authorisation; formal specification; program interpreters; program verification; specification languages; SAL specification input language; light-weight formal approach; model-checking; requirements translation process; role-based access control requirements; state-explosion; system specification; valuable organizational data; Access control; Data security; Formal specifications; Information security; Management information systems; Medical services; Permission; Protection; Software engineering; Tree graphs; Light-weight Formal Methods; Model-Checking; Role-Based Access Control; Security Requirements;
Conference_Titel :
Software Engineering Conference, 2009. APSEC '09. Asia-Pacific
Conference_Location :
Penang
Print_ISBN :
978-0-7695-3909-6
DOI :
10.1109/APSEC.2009.41
