Journal article, IEEE Computer Society, Year: 2012

A Design by Contract Approach to Verify Access Control Policies

Hakim Belhaouari
SIC

Abstract

In the security domain, access control consists of specifying who can access what and how, using four well-known concepts: permissions, prohibitions, obligations and separation of duty. The ACA language follows these traits and proposes a novel management of security parameters, with the ability to distinguish policies for a user, role or organization inside the secure action. All these concepts, closely related to the design by contract domain, allow us to introduce a method that transforms access control policies into classical contracts (invariants, pre/post-conditions). With this transformation, the usual techniques of model checking can be used to verify access control policies. In our approach, we use the Tamago platform for describing, analyzing and simulating the obtained contract. Security scenarios can also be generated to test an access control policy. The Tamago platform can also be used to test the functional part of the system, which can be used in addition to access control verification.
Main file: belh-kono13Avril.pdf (243.09 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-00724267, version 1 (20-02-2013)

Cite

Hakim Belhaouari, Pierre Konopacki, Régine Laleau, Marc Frappier. A Design by Contract Approach to Verify Access Control Policies. IEEE Computer Society, 2012, pp.263-272. ⟨10.1109/ICECCS.2012.4⟩. ⟨hal-00724267⟩