Article

A Role-Based Access Control Policy Verification Framework for Real-Time Systems

Authors:

Basit Shafiq,

Ammar Masood,

James Joshi,

Arif GhafoorAuthors Info & Claims

WORDS '05: Proceedings of the 10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems

Pages 13 - 20

https://doi.org/10.1109/WORDS.2005.11

Published: 02 February 2005 Publication History

Publisher Site

Abstract

This paper presents a framework for verifying the access control requirements of real-time application systems such as workflow management systems and active databases. The temporal and event-based semantics of these applications can be expressed using event-driven Role Based Access Control (RBAC) model. Any comprehensive access control model such as RBAC requires verification and validation mechanisms to ensure the consistency of access control specification. An inconsistent access control specification exposes the underlying system to numerous vulnerabilities and security risks. In this paper, we propose a Petri-Net based framework for verifying the correctness of event-driven RBAC policies.

Cited By

View all

Suntaxi GEl Ghazi ABöhm KKerschbaum FMashatan ANiu JLee A(2019)Mutual AuthorizationsProceedings of the 24th ACM Symposium on Access Control Models and Technologies10.1145/3322431.3325415(213-218)Online publication date: 28-May-2019
https://dl.acm.org/doi/10.1145/3322431.3325415
Ben Fadhel ABianculli DBriand LHuchard MKästner CFraser G(2018)Model-driven run-time enforcement of complex role-based access control policiesProceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering10.1145/3238147.3238167(248-258)Online publication date: 3-Sep-2018
https://dl.acm.org/doi/10.1145/3238147.3238167
de Leon DBrown MJillepalli AStalick AAlves-Foss J(2017)High-level and formal router policy verificationJournal of Computing Sciences in Colleges10.5555/3144605.314463133:1(118-128)Online publication date: 1-Oct-2017
https://dl.acm.org/doi/10.5555/3144605.3144631
Show More Cited By

Index Terms

A Role-Based Access Control Policy Verification Framework for Real-Time Systems

Recommendations

Delegation in role-based access control

User delegation is a mechanism for assigning access rights available to one user to another user. A delegation can either be a grant or transfer operation. Existing work on delegation in the context of role-based access control models has extensively ...
Role-Based Access Control Models

Since the 1970s, computer systems have featured multiple applications and served multiple users, leading to heightened awareness of data security issues. System administrators and software developers focused on different kinds of access control to ...
Configuring role-based access control to enforce mandatory and discretionary access control policies

Access control models have traditionally included mandatory access control (or lattice-based access control) and discretionary access control. Subsequently, role-based access control has been introduced, along with claims that its mechanisms are general ...

Comments

Information & Contributors

Information

Published In

WORDS '05: Proceedings of the 10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems

February 2005

421 pages

ISBN:0769523471

Publisher

IEEE Computer Society

United States

Publication History

Published: 02 February 2005

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

17
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 15 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Suntaxi GEl Ghazi ABöhm KKerschbaum FMashatan ANiu JLee A(2019)Mutual AuthorizationsProceedings of the 24th ACM Symposium on Access Control Models and Technologies10.1145/3322431.3325415(213-218)Online publication date: 28-May-2019
https://dl.acm.org/doi/10.1145/3322431.3325415
Ben Fadhel ABianculli DBriand LHuchard MKästner CFraser G(2018)Model-driven run-time enforcement of complex role-based access control policiesProceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering10.1145/3238147.3238167(248-258)Online publication date: 3-Sep-2018
https://dl.acm.org/doi/10.1145/3238147.3238167
de Leon DBrown MJillepalli AStalick AAlves-Foss J(2017)High-level and formal router policy verificationJournal of Computing Sciences in Colleges10.5555/3144605.314463133:1(118-128)Online publication date: 1-Oct-2017
https://dl.acm.org/doi/10.5555/3144605.3144631
Ben Fadhel ABianculli DBriand LWang XBauer LKerschbaum F(2016)GemRBAC-DSLProceedings of the 21st ACM on Symposium on Access Control Models and Technologies10.1145/2914642.2914656(179-190)Online publication date: 6-Jun-2016
https://dl.acm.org/doi/10.1145/2914642.2914656
Dianxiang Xu Kent MThomas LMouelhi TLe Traon Y(2015)Automated Model-Based Testing of Role-Based Access Control Using Predicate/Transition NetsIEEE Transactions on Computers10.1109/TC.2014.237518964:9(2490-2505)Online publication date: 1-Sep-2015
https://dl.acm.org/doi/10.1109/TC.2014.2375189
Ben Fadhel ABianculli DBriand L(2015)A comprehensive modeling framework for role-based access control policiesJournal of Systems and Software10.1016/j.jss.2015.05.015107:C(110-126)Online publication date: 1-Sep-2015
https://dl.acm.org/doi/10.1016/j.jss.2015.05.015
Accorsi RLehmann ALohmann N(2015)Information leak detection in business process modelsInformation Systems10.1016/j.is.2013.12.00647:C(244-257)Online publication date: 1-Jan-2015
https://dl.acm.org/doi/10.1016/j.is.2013.12.006
Abdunabi RRay IFrance RConti MVaidya JSchaad A(2013)Specification and analysis of access control policies for mobile applicationsProceedings of the 18th ACM symposium on Access control models and technologies10.1145/2462410.2463206(173-184)Online publication date: 12-Jun-2013
https://dl.acm.org/doi/10.1145/2462410.2463206
Huang HKirchner H(2013)Secure interoperation design in multi-domains environments based on colored Petri netsInformation Sciences: an International Journal10.1016/j.ins.2012.09.027221(591-606)Online publication date: 1-Feb-2013
https://dl.acm.org/doi/10.1016/j.ins.2012.09.027
Accorsi RLehmann A(2012)Automatic information flow analysis of business process modelsProceedings of the 10th international conference on Business Process Management10.1007/978-3-642-32885-5_13(172-187)Online publication date: 3-Sep-2012
https://dl.acm.org/doi/10.1007/978-3-642-32885-5_13
Show More Cited By

Abstract

Cited By

Index Terms

Recommendations

Delegation in role-based access control

Role-Based Access Control Models

Configuring role-based access control to enforce mandatory and discretionary access control policies

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations