Abstract
The purpose of a security policy is to specify rules to govern access to system resources, preferably without considering implementation details. Both policy and its implementation might be altered, and after introducing changes, it is not obvious that they are consistent. Therefore, we need to validate conformance between policy and its implementation. In this paper we describe an approach based on finite-model checking to verify that an RBAC implementation conforms to a security policy. We make use of the model-checking system SPIN, and show how to express RBAC policy constraints by means of LTL and how to model an RBAC implementation in SPIN’s internal modeling language PROMELA.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hansen, F., Oleshchuk, V. (2005). Conformance Checking of RBAC Policy and its Implementation. In: Deng, R.H., Bao, F., Pang, H., Zhou, J. (eds) Information Security Practice and Experience. ISPEC 2005. Lecture Notes in Computer Science, vol 3439. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-31979-5_13
DOI: https://doi.org/10.1007/978-3-540-31979-5_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-25584-0
Online ISBN: 978-3-540-31979-5
eBook Packages: Computer Science (R0)