Paper Info
Title
A verifiable formal specification for RBAC model with constraints of separation of duty
Abstract
Formal method provides a way to achieve an exact and consistent definition of security for a given scenario. This paper presents a formal state-based verifiable RBAC model described with Z language, in which the state-transition functions are specified formally. Based on the separation of duty policy, the constraint rules and security theorems are constructed. Using a case study, we show how to specify and verify the consistency of formal RBAC system with theorem proving. By specifying RBAC model formally, it provides a precise description for the system security requirements. The internal consistency of this model can be validated by verification of the model.
Year
DOI
Venue
2006
10.1007/11937807_16
Inscrypt
Keywords
Field
DocType
consistent definition,verifiable formal specification,formal method,system security requirement,z language,security theorem,rbac model,formal rbac system,case study,internal consistency,state-based verifiable rbac model,formal specification,theorem proving,system security,separation of duty,state transition
Computer science,Computer security,Automated theorem proving,Role-based access control,Proof theory,Formal specification,Verifiable secret sharing,Access control,Formal methods,Separation of duties
Conference
Volume
ISSN
ISBN
4318
0302-9743
3-540-49608-4
Citations 
PageRank 
References 
15
0.64
10
Authors
4
Name
Order
Citations
PageRank
Chunyang Yuan1181.73
Yeping He27714.64
Jian-Bo He3211.36
Zhouyi Zhou4171.38