Skip to main content
SpringerLink
Log in

Transformation of Spatio-Temporal Role Based Access Control Specification to Alloy

  • Conference paper
Model and Data Engineering (MEDI 2012)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 7602))

Included in the following conference series:

Abstract

The recent advances in wireless networks, mobile applications and pervasive computing has prompted an urgent need for the creation of Access Control systems which takes into consideration the location of the user and the time of access. Such systems are even more complex than the conventional Access Control systems. Thus, the need arises for the analysis of the specification of such systems prior to the implementing of the systems. As a result, this paper proposes to use Alloy as a method of automated analysis of Spatio-temporal Role-Based Access Control models (STRBAC). To achieve this, this paper describes a method (AC2Alloy) that allows users to create STRBAC models and transforms them into the required Alloy code automatic, thus allowing for powerful analysis to take place using Alloy analyser utilizing SAT-Solvers. With the help of an example, we show how AC2Alloy convert STRBAC model to Alloy model and verify the resulting model using the Alloy analyser to identify an erroneous design.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 54.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 72.00
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Chen, H.-C., Wang, S.-J., Wen, J.-H., Huang, Y.-F., Chen, C.-W.: A Generalized Temporal and Spatial Role-Based Access Control Model. JNW 5(8), 912–920 (2010)

    Google Scholar 

  2. Ray, I., Toahchoodee, M.: A Spatio-temporal Access Control Model Supporting Delegation for Pervasive Computing Applications. In: Furnell, S.M., Katsikas, S.K., Lioy, A. (eds.) TrustBus 2008. LNCS, vol. 5185, pp. 48–58. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  3. Samuel, A., Ghafoor, A., Bertino, E.: A Framework for Specification and Verification of Generalized Spatio-Temporal Role Based Access Control Model. Technical report, Purdue University, CERIAS TR 2007-08 (February 2007)

    Google Scholar 

  4. Toahchoodee, M., Ray, I.: On the Formal Analysis of a Spatio-Temporal Role-Based Access Control Model. In: Proceedings of the 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security, pp. 17–32 (July 2008)

    Google Scholar 

  5. Daniel, J.: Software Abstractions Logic, Language, and Analysis. The MIT Press, Cambridge (2006)

    Google Scholar 

  6. Bertino, E., Catania, B., Damiani, M.L., Perlasca, P.: GEO-RBAC: a spatially aware RBAC. In: Proceedings of the 10th ACM Symposium on Access Control Models and Technologies, Stockholm, Sweden, pp. 29–37 (June 2005)

    Google Scholar 

  7. Chen, L., Crampton, J.: On Spatio-Temporal Constraints and Inheritance in Role-Based Access Control. In: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, Tokyo, Japan, pp. 205–216 (March 2008)

    Google Scholar 

  8. Zao, J., Wee, H., Chu, J., Jackson, D.: RBAC Schema Verification Using Lightweight Formal Model and Constraint Analysis (2002), http://alloy.mit.edu/publications.php

  9. Joshi, J.B.D., Bertino, E., Latif, U., Ghafoor, A.: A Generalized Temporal Role-Based Access Control Model. IEEE Transactions on Knowledge and Data Engineering 17(1), 4–23 (2005)

    Article  Google Scholar 

  10. Ray, I., Toahchoodee, M.: A Spatio-temporal Role-Based Access Control Model. In: Proceedings of the 21st Annual IFIPWG11.3 Working Conference on Data and Applications Security, Redondo Beach, CA, pp. 211–226 (July 2007)

    Google Scholar 

  11. Jackson, D., Schechter, I., Shlyakhter, I.: Alcoa: the alloy constraint analyzer, In: International Conference on Software Engineering (ICSE 2000), pp. 730–733 (2000)

    Google Scholar 

  12. Bordbar, B., Anastasakis, K.: UML2Alloy: A tool for lightweight modelling of Discrete Event Systems. In: IADIS International Conference in Applied Computing 2005, Algarve, Portugal, pp. 209–216 (2005)

    Google Scholar 

  13. Mondal, S., Sural, S.: XML-based policy specification framework for spatiotemporal access control. In: SIN 2009, pp. 98–103 (2009)

    Google Scholar 

  14. Bhatti, R., Joshi, J., Bertino, E., Ghafoor, A.: Access Control in Dynamic XML-Based Web-Services with X-RBAC. In: Proceedings of ICWS 2003 (2003)

    Google Scholar 

  15. Ferraiolo, D.F., Richard Kuhn, D., Chandramouli, R.: Role Based Access Control, 2nd edn (2007)

    Google Scholar 

  16. Ray, I., Bordbar, B., Toahchoodee, M., Anastasakis, K., Georg, G.: Ensuring Spatio-Temporal Access Control for Real-World Applications, pp. 978–971. ACM, doi: 978-1-60558-537-6/09/06

    Google Scholar 

  17. Akehurst, D.H., Bordbar, B., Evans, M.J., Howells, W.G.J., McDonald-Maier, K.D.: SiTra: Simple Transformations in Java. In: Wang, J., Whittle, J., Harel, D., Reggio, G. (eds.) MoDELS 2006. LNCS, vol. 4199, pp. 351–364. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer Science, University of Birmingham, UK

    Emsaieb Geepalla, Behzad Bordbar & Joel Last

Authors
  1. Emsaieb Geepalla
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Behzad Bordbar
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Joel Last
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dept. Enginyeria de Serveis i Sistemes d’Informació, Universitat Politecnica de Catalunya, C. Jordi Girona, 31, 08034, Barcelona, Spain

    Alberto Abelló

  2. LISI/ENSMA, Futuroscope, Poitiers University, Téléport 2 - 1 avenue, Clément Ader, BP 40109, 86961, Futuroscope Chasseneuil cedex, France

    Ladjel Bellatreche

  3. School of Computer Science and Engineering, University of New South Wales, 2052, Sydney, NSW, Australia

    Boualem Benatallah

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Geepalla, E., Bordbar, B., Last, J. (2012). Transformation of Spatio-Temporal Role Based Access Control Specification to Alloy. In: Abelló, A., Bellatreche, L., Benatallah, B. (eds) Model and Data Engineering. MEDI 2012. Lecture Notes in Computer Science, vol 7602. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33609-6_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-33609-6_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33608-9

  • Online ISBN: 978-3-642-33609-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation