Welcome to the InfoSci Platform
Reference Hub7
Validation of IS Security Policies Featuring Authorisation Constraints

Validation of IS Security Policies Featuring Authorisation Constraints

Yves Ledru, Akram Idani, Jérémy Milhau, Nafees Qamar, Régine Laleau, Jean-Luc Richier, Mohamed Amine Labiadh
Copyright: © 2015 |Volume: 6 |Issue: 1 |Pages: 23
ISSN: 1947-8186|EISSN: 1947-8194|EISBN13: 9781466678576|DOI: 10.4018/ijismd.2015010102
Cite Article Cite Article

MLA

Ledru, Yves, et al. "Validation of IS Security Policies Featuring Authorisation Constraints." IJISMD vol.6, no.1 2015: pp.24-46. http://doi.org/10.4018/ijismd.2015010102

APA

Ledru, Y., Idani, A., Milhau, J., Qamar, N., Laleau, R., Richier, J., & Labiadh, M. A. (2015). Validation of IS Security Policies Featuring Authorisation Constraints. International Journal of Information System Modeling and Design (IJISMD), 6(1), 24-46. http://doi.org/10.4018/ijismd.2015010102

Chicago

Ledru, Yves, et al. "Validation of IS Security Policies Featuring Authorisation Constraints," International Journal of Information System Modeling and Design (IJISMD) 6, no.1: 24-46. http://doi.org/10.4018/ijismd.2015010102

Export Reference

Mendeley
Favorite Full-Issue Download

Abstract

Designing a security policy for an information system (IS) is a non-trivial task. Variants of the RBAC model can be used to express such policies as access-control rules associated to constraints. In this paper, we advocate that currently available tools do not take sufficiently into account the functional description of the application and its impact on authorisation constraints and dynamic aspects of security. The authors suggest translating both security and functional models into a formal language, such as B, whose analysis and animation tools will help validate a larger set of security scenarios. The authors describe how various kinds of constraints can be expressed and animated in this context. The authors also present a tool support which performs this translation and report on a case study where animation and testing techniques were used to validate the security policy of a medical emergency information system.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.