
Weaving Authentication and Authorization Requirements into the Functional Model of a System Using Z Promotion

  • Conference paper

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 17))

Abstract

The use of Z in software development has focused on specifying the functionality of a system. However, when developing a secure system, it is important to address fundamental security aspects such as authentication, authorization, and auditing. In this paper, we show an approach for building systems from generic, modular security components using the promotion technique in Z: each security component is woven into the functional model of the system by promotion. For each component, Z notation is used to construct its state-based model and the relevant operations. Once a component is introduced, its local operations are promoted to work on the global state. We illustrate this approach on the development of a "secure" model for a conference management system. With this approach, it is possible to specify the core functionality of a system independently from the security mechanisms. Authentication and authorization are viewed as components which are carefully integrated with the functional system.
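The abstract describes three ingredients: a local state schema and local operations per component, a framing (promotion) schema that lifts each local operation to the global state while leaving the other components unchanged, and schema conjunction to weave the promoted security checks into a functional operation. The following Python model, added here as an illustration and not taken from the paper, makes that structure executable. The component states (a password table, a flat role-to-permission assignment, a paper-to-author map), the operation names, and the sample data are assumptions chosen for the example; the paper's own Z schemas for the conference management system may differ.

```python
"""Illustrative model of Z promotion used to weave authentication and
authorization into a functional model. Added example; the component states,
operation names, RBAC shape and sample data are assumptions, not the paper's."""
from dataclasses import dataclass, replace
from typing import Any, Callable, Dict, FrozenSet, Mapping, Tuple


class PreconditionFailed(Exception):
    """The predicate of an operation schema is false: the operation is not applicable."""


# --- Authentication component: local state and local operations --------------
@dataclass(frozen=True)
class AuthState:
    passwords: Mapping[str, str]   # users : USER -|-> PASSWORD (credential storage abstracted away)
    logged_in: FrozenSet[str]      # loggedIn : P USER, loggedIn subset dom users


def login(s: AuthState, *, user: str, password: str, **_: Any) -> AuthState:
    # Login == [Delta AuthState; u?, p? | u? in dom users /\ users(u?) = p? /\ loggedIn' = loggedIn U {u?}]
    if s.passwords.get(user) != password:
        raise PreconditionFailed("bad credentials")
    return replace(s, logged_in=s.logged_in | {user})


def authenticated(s: AuthState, *, user: str, **_: Any) -> AuthState:
    # Authenticated == [Xi AuthState; u? | u? in loggedIn]  (a check: state unchanged)
    if user not in s.logged_in:
        raise PreconditionFailed("not authenticated")
    return s


# --- Authorization component (flat RBAC, an assumption of this example) ------
@dataclass(frozen=True)
class AuthzState:
    roles: Mapping[str, FrozenSet[str]]   # roles : USER -|-> P ROLE
    perms: Mapping[str, FrozenSet[str]]   # perms : ROLE -|-> P PERM


def authorized(s: AuthzState, *, user: str, perm: str, **_: Any) -> AuthzState:
    # Authorized == [Xi AuthzState; u?, perm? | perm? in Union {r : roles(u?) @ perms(r)}]
    granted = set().union(*(s.perms.get(r, frozenset()) for r in s.roles.get(user, frozenset())))
    if perm not in granted:
        raise PreconditionFailed(f"{user} lacks permission {perm}")
    return s


# --- Functional component: the conference system, specified without security -
@dataclass(frozen=True)
class ConfState:
    papers: Mapping[str, str]   # papers : PAPER -|-> USER (submitting author)


def submit_paper(s: ConfState, *, user: str, paper: str, **_: Any) -> ConfState:
    # SubmitPaper == [Delta ConfState; u?, p? | p? notin dom papers /\ papers' = papers U {p? |-> u?}]
    if paper in s.papers:
        raise PreconditionFailed("paper already submitted")
    return replace(s, papers={**s.papers, paper: user})


# --- Global state and promotion ----------------------------------------------
Global = Dict[str, Any]          # Secure == [auth : AuthState; authz : AuthzState; conf : ConfState]
GlobalOp = Callable[..., Global]


def promote(component: str, local_op: Callable[..., Any]) -> GlobalOp:
    """Framing schema Phi_component: theta Local = g(component) and every other
    component is unchanged. Promoted op == exists Delta Local @ local_op /\ Phi_component."""
    def promoted(g: Global, **inputs: Any) -> Global:
        return {**g, component: local_op(g[component], **inputs)}
    return promoted


def conjoin(*ops: GlobalOp) -> GlobalOp:
    """Schema conjunction of promoted operations: every conjunct's predicate is evaluated
    against the same before-state, and the conjuncts must agree on the after-state."""
    def combined(g: Global, **inputs: Any) -> Global:
        after = dict(g)
        for op in ops:
            for name, value in op(g, **inputs).items():
                if value != g[name]:                       # this conjunct changes `name`
                    if after[name] != g[name] and after[name] != value:
                        raise ValueError(f"conjuncts disagree on after-state of {name}")
                    after[name] = value
        return after
    return combined


secure_login = promote("auth", login)
# Weaving: SecureSubmit == Authenticated /\ Authorized[submit/perm?] /\ SubmitPaper, all promoted.
_secure_submit = conjoin(promote("auth", authenticated),
                         promote("authz", authorized),
                         promote("conf", submit_paper))


def secure_submit(g: Global, *, user: str, paper: str) -> Global:
    return _secure_submit(g, user=user, paper=paper, perm="submit")


def attempt(op: GlobalOp, g: Global, **inputs: Any) -> Tuple[bool, Global]:
    """Apply a promoted operation; a false precondition leaves the global state unchanged."""
    try:
        return True, op(g, **inputs)
    except PreconditionFailed:
        return False, g


def run_scenario() -> Dict[str, Any]:
    # Constructed sample data (assumption): alice is an author, bob a reviewer.
    g: Global = {
        "auth": AuthState(passwords={"alice": "s3cret", "bob": "hunter2"}, logged_in=frozenset()),
        "authz": AuthzState(roles={"alice": frozenset({"author"}), "bob": frozenset({"reviewer"})},
                            perms={"author": frozenset({"submit"}), "reviewer": frozenset({"review"})}),
        "conf": ConfState(papers={}),
    }
    ok_anon, g = attempt(secure_submit, g, user="alice", paper="P1")    # not logged in: rejected
    ok_login, g = attempt(secure_login, g, user="alice", password="s3cret")
    ok_alice, g = attempt(secure_submit, g, user="alice", paper="P1")   # authenticated and authorized
    _, g = attempt(secure_login, g, user="bob", password="hunter2")
    ok_bob, g = attempt(secure_submit, g, user="bob", paper="P2")       # authenticated, not authorized
    ok_dup, g = attempt(secure_submit, g, user="alice", paper="P1")     # functional precondition fails
    return {"anonymous_rejected": not ok_anon, "login_ok": ok_login, "alice_ok": ok_alice,
            "reviewer_rejected": not ok_bob, "duplicate_rejected": not ok_dup,
            "papers": dict(g["conf"].papers)}
```

The point the model makes is the one the abstract makes: `submit_paper` knows nothing about users, sessions or roles, and `login`/`authorized` know nothing about papers; `promote` lifts each to the shared global state and `conjoin` expresses the woven operation as a conjunction of schemas, so a failed precondition in any conjunct (not logged in, no `submit` permission, duplicate paper) rejects the whole operation without partial state change.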





Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Haidar, A.N., Abdallah, A.E. (2008). Weaving Authentication and Authorization Requirements into the Functional Model of a System Using Z Promotion. In: Margaria, T., Steffen, B. (eds) Leveraging Applications of Formal Methods, Verification and Validation. ISoLA 2008. Communications in Computer and Information Science, vol 17. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88479-8_59

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-88479-8_59

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-88478-1

  • Online ISBN: 978-3-540-88479-8
