Title :
A Design by Contract Approach to Verify Access Control Policies
Author :
Belhaouari, H. ; Konopacki, P. ; Laleau, R. ; Frappier, M.
Author_Institution :
XLIM-SIC, Univ. de Poitiers, Poitiers, France
Abstract :
In the security domain, access control (AC) consists in specifying who can access to what and how, with the four well-known concepts of permission, prohibition, obligation and separation of duty. In this paper, we focus on role-based access control (RBAC) models and more precisely on the verification of formal RBAC models. We propose a solution for this verification issue, based on the use of the Tamago platform. In Tamago, functional contracts can be defined with pre/post conditions and deterministic automata. The Tamago platform provides tools for static verifications of these contracts, generation of test scenarios from the abstract contracts and monitoring facilities for dynamic analyses. We have extended the platform to take into account AC aspects. AC rules, expressed in a subset of EB3SEC, a process algebra-based language, are translated into pre and post conditions of new security contracts. We have also adapted the test case generator to derive suitable test scenarios and the monitoring framework by adding a new security component.
Keywords :
authorisation; process algebra; system monitoring; AC rules; EB3SEC; RBAC models; Tamago platform; access control policy verification; contract approach; deterministic automata; dynamic analyses; process algebra-based language; role-based access control; security domain; static verifications; test case generator; verification issue; Access control; Automata; Containers; Contracts; Monitoring; Access control specification; Design by Contract; verification;
Conference_Titel :
Engineering of Complex Computer Systems (ICECCS), 2012 17th International Conference on
Conference_Location :
Paris
Print_ISBN :
978-1-4673-2156-3
