Skip to main content
SpringerLink
Log in
Book cover

International Conference on Information Security and Cryptology

Inscrypt 2006: Information Security and Cryptology pp 196–210Cite as

A Verifiable Formal Specification for RBAC Model with Constraints of Separation of Duty

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4318))

Abstract

Formal method provides a way to achieve an exact and consistent definition of security for a given scenario. This paper presents a formal state-based verifiable RBAC model described with Z language, in which the state-transition functions are specified formally. Based on the separation of duty policy, the constraint rules and security theorems are constructed. Using a case study, we show how to specify and verify the consistency of formal RBAC system with theorem proving. By specifying RBAC model formally, it provides a precise description for the system security requirements. The internal consistency of this model can be validated by verification of the model.

Supported by National High-Tech Research and Development Program of China (863) under Grant No. 2002AA141080; National Natural Science Foundation of China under Grant No.60073022 and 60373054;Graduate Student Innovation Grant of Chinese Academy of Sciences.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Barroca, L.M., McDrmid, J.A.: Formal Methods: Use and Relevance for the Development of Safety Critical Systems. The Computer Journal 35(6), 579–599 (1992)

    Article  Google Scholar 

  2. Clarke, E., Wing, J.: Formal Methods: State of the Art and Future Directions. ACM Computing Surveys 28(4), 626–643 (1996)

    Article  Google Scholar 

  3. Sandhu, R., Coyne, E.J., Feinstein, H.L.: Role-based Access Control Model. IEEE Computer 29(2), 38–47 (1996)

    Google Scholar 

  4. ANSI INCITS 359-2004. Role Based Access Control. American National Standard for Information Technology (2004)

    Google Scholar 

  5. Shafiq, B., Masood, A., Ghafoor, A., et al.: A Role-Based Access Control Policy Verification Framework for Real-Time Systems. In: IEEE Workshop on Object-oriented Real-time Databases, Sedona, Arizona, pp. 13–20 (2005)

    Google Scholar 

  6. Zao, J., Hochtech, W., Chu J., et al.: RBAC Schema Verification Using Lightweight Formal Model and Constraint Analysis. MIT (December 2002) (accessed, June 2006), http://alloy.mit.edu/contributions/RBAC.pdf

  7. Khayat, E.J., Abdallah, A.E.: A Formal Model for Flat Role-based Access Control. In: ACS/IEEE International Conference on Computer Systems and Applications (AICCSA 2003), July 2003, Tunis, Tunisia (2003)

    Google Scholar 

  8. Drouineaud, M., Bortin, M., Torrini, P., et al.: A First Step Towards Formal Verification of Security Policy Properties for RBAC. In: Proceedings of the Quality Software, Fourth International Conference on (QSIC 2004), pp. 60–67 (September 2004)

    Google Scholar 

  9. Koch, M., Mancini, L.V., Presicce, F.P.: A Graph-Based Formalism for RBAC. ACM Transactions on Information and System Security 5(3), 332–365 (2002)

    Article  Google Scholar 

  10. Zhao, C., Heilili, N., Liu, S.P., et al.: Representation and Reasoning on RBAC: A Description Logic Approach. In: Van Hung, D., Wirsing, M. (eds.) ICTAC 2005. LNCS, vol. 3722, pp. 394–406. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  11. Zhou, Z.Y., Liang, B., Jiang, L.: A Formal Description of SECIMOS Operating System. In: Gorodetsky, V., Kotenko, I., Skormin, V.A. (eds.) MMM-ACNS 2005. LNCS, vol. 3685, pp. 286–297. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  12. Sprivey, J.M.: The Z Notation: A Reference Manual, 2nd edn. Prentice-Hall, Englewood Cliffs (1992)

    Google Scholar 

  13. ORA Canada Z/EVES (accessed, June 2006), http://www.ora.on.ca/z-eves/

  14. Saaltink, M.: Z/EVES 2.0 User’s Guide. TR-99-5493-06a, ORA Canada (October 1999)

    Google Scholar 

  15. Kuhn, D.R.: Mutual Exclusion of Roles as a Means of Implementing Separation of Duty in Role-Based Access Control Systems. In: Proc. of the 2nd ACM Workshop on Role-Based Access Control, Fairfax, VA, pp. 23–30 (1997)

    Google Scholar 

  16. Good, D.I., Akers, R.L., Smith, L.M.: Report on Gypsy 2.05. Tech. Rept. ICSCA-CMP-48, the University of Texas at Austin (1986)

    Google Scholar 

  17. Young, W.D.: Comparing Specification Paradigms: Gypsy and Z. In: Proceedings of the 12th National Computer Security Conference, Baltimore, MA, pp. 83–97 (1989)

    Google Scholar 

  18. Brucker, A.D., Rittinger, F., Wolff, B.: HOL-Z 2.0: A Proof Environment for Z-Specifications. J. UCS 9(2), 152–172 (2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute of Software, Chinese Academy of Sciences, Beijing, 100080, PRC

    Chunyang Yuan, Yeping He, Jianbo He & Zhouyi Zhou

  2. Graduate School of the Chinese Academy of Sciences, Beijing, 100049, PRC

    Chunyang Yuan, Jianbo He & Zhouyi Zhou

Authors
  1. Chunyang Yuan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yeping He
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jianbo He
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Zhouyi Zhou
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. University College London, UK

    Helger Lipmaa

  2. Computer Science Department, Google Inc. and Columbia University, 1214 Amsterdam Avenue, 10027, New York, NY, USA

    Moti Yung

  3. SKLOIS Lab, Institute of Software, Chinese Academy of Sciences, 100080, Beijing, P.R. China

    Dongdai Lin

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yuan, C., He, Y., He, J., Zhou, Z. (2006). A Verifiable Formal Specification for RBAC Model with Constraints of Separation of Duty. In: Lipmaa, H., Yung, M., Lin, D. (eds) Information Security and Cryptology. Inscrypt 2006. Lecture Notes in Computer Science, vol 4318. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11937807_16

Download citation

  • DOI: https://doi.org/10.1007/11937807_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-49608-3

  • Online ISBN: 978-3-540-49610-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation