A correct-by-construction model for attribute-based access control
