Name
Title | ||
|---|---|---|
Formalising and validating RBAC-to-XACML translation using lightweight formal methods |
Abstract | ||
|---|---|---|
The topic of access control has received a new lease of life in recent years as the need for assurance that the correct access control policy is in place is seen by many as crucial to providing assurance to individuals that their data is being treated appropriately. This trend is likely to continue with the increase in popularity of social networking sites and shifts to ‘cloud’-like commercial services: in both contexts, a clear statement of “who can do what” to one’s data is key in engendering trust. While approaches such as role-based access control (RBAC) provide a degree of abstraction, therefore increasing manageability and accessibility, policy languages such as the XML-based XACML provide greater degrees of expressibility—and, as a result, increased complexity. In this paper we explore how the mutual benefits of both RBAC and XACML, and Alloy and Z, may be used to best effect. RBAC is used as an accessible conceptual model; XACML is used as a language of implementation. Our concern is to facilitate the construction and reuse of role-based policies, which may subsequently be deployed in terms of XACML. We wish to provide assurance that these representations and transformations are, in some sense, correct. To this end, we consider formal models of both RBAC and XACML in terms of Z. We also describe how we have taken initial steps in utilising the Alloy Analyzer tool to provide a level of assurance that the two representations are consistent. |
Year | DOI | Venue |
|---|---|---|
2010 | 10.1007/978-3-642-11811-1_26 | ASM |
Keywords | Field | DocType |
best effect,correct access control policy,role-based policy,accessible conceptual model,access control,policy language,rbac-to-xacml translation,clear statement,xml-based xacml,alloy analyzer tool,lightweight formal method,role-based access control,role based access control,conceptual model | Conceptual model,XML,Reuse,Computer science,Computer security,Alloy Analyzer,Role-based access control,XACML,Access control,Formal methods | Conference |
Volume | ISSN | ISBN |
5977 | 0302-9743 | 3-642-11810-0 |
Citations | PageRank | References |
1 | 0.36 | 11 |
Authors | ||
3 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Mark Slaymaker | 1 | 119 | 15.44 |
| David Power | 2 | 124 | 16.71 |
| Andrew Simpson | 3 | 282 | 49.37 |