Abstract
Information systems are widely used and help in the management of huge quantities of data. Generally, these data are valuable or sensitive, their access must be restricted to granted users. Security is a mandatory requirement for information systems. Several methods already exist to express access control policies, but few of them, like eb 3 sec, support all kinds of constraints that can be defined in access control policies. In this paper, we present how to use eb 3 sec to express two kinds of access control constraints : permissions and prohibitions. Once, constraints are expressed, we provide algorithms to verify that the model of the policy do not lead to deadlock.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Ni, Q., Bertino, E., Lobo, J.: An obligation model bridging access control policies and privacy policies. In: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, SACMAT 2008, pp. 133–142. ACM, New York (2008)
Ferraiolo, D.F., Kuhn, D.R., Chandramouli, R.: Role-Based Access Control. Artech House, Inc., Norwood (2003)
Konopacki, P., Frappier, M., Laleau, R.: Expressing access control policies with an event-based approach. In: WISSE (2011)
Frappier, M., St-Denis, R.: EB3: an entity-based black-box specification method for information systems. Software and System Modeling 2(2), 134–149 (2003)
Fraikin, B., Frappier, M., Laleau, R.: State-based versus event-based specifications for information systems: a comparison of B and EB3. Software and Systems Modeling 4(3), 236–257 (2005)
Anderson, A.: XACML Profile for Role Based Access Control (RBAC). OASIS Standard (2004)
Kalam, A.A.E., Benferhat, S., Miège, A., Baida, R.E., Cuppens, F., Saurel, C., Balbiani, P., Deswarte, Y., Trouessin, G.: Organization based access control. In: Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY 2003, pp. 120–130. IEEE Computer Society, Washington, DC (2003)
Frappier, M., Fraikin, B., Chossart, R., Chane-Yack-Fa, R., Ouenzar, M.: Comparison of Model Checking Tools for Information Systems. In: Dong, J.S., Zhu, H. (eds.) ICFEM 2010. LNCS, vol. 6447, pp. 581–596. Springer, Heidelberg (2010)
Belhaouari, H., Peschanski, F.: A Lightweight Container Architecture for Runtime Verification. In: Leucker, M. (ed.) RV 2008. LNCS, vol. 5289, pp. 173–187. Springer, Heidelberg (2008)
Moses, T.: eXtensible Access Control Markup Langage (XACML) Version 2.0. OASIS Standard (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Konopacki, P., Belhaouari, H., Frappier, M., Laleau, R. (2012). Specification and Verification of Access Control Policies in EB3SEC: Work in Progress. In: Garcia-Alfaro, J., Lafourcade, P. (eds) Foundations and Practice of Security. FPS 2011. Lecture Notes in Computer Science, vol 6888. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27901-0_18
Download citation
DOI: https://doi.org/10.1007/978-3-642-27901-0_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27900-3
Online ISBN: 978-3-642-27901-0
eBook Packages: Computer ScienceComputer Science (R0)