A Design by Contract Approach to Verify Access Control Policies

Abstract: In the security domain, access control consists of specifying who may access what, and how, using four well-known concepts: permissions, prohibitions, obligations and separation of duty. The ACA language follows these lines and proposes a novel treatment of security parameters, with the ability to distinguish, inside a secure action, policies targeted at a user, a role or an organization. All of these concepts are closely related to the design-by-contract domain, which allows us to introduce a method that transforms access control policies into classical contracts (invariants, pre- and post-conditions). With this transformation, the usual techniques of model checking can be used to verify access control policies. In our approach, we use the Tamago platform to describe, analyze and simulate the resulting contracts. Security scenarios can also be generated to test an access control policy. The Tamago platform can also be used to test the functional part of the system, in addition to the access control verification.
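The mapping the abstract describes (permissions and prohibitions as preconditions, obligations as postconditions, separation of duty as an invariant, and clauses targeted at a user, a role or an organization) can be sketched in a few lines. The following Python block is an added illustration written for this page; it is not the ACA language, the transformation defined in the paper, or the Tamago platform, and the invoice workflow, subjects, roles and rules it uses are assumptions made up for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple

# Constructed example: a toy invoice workflow with three secure actions. Subjects,
# roles and rules are assumptions made for this illustration; this is neither the
# paper's ACA policy language nor the Tamago platform's contract checker.


@dataclass(frozen=True)
class Subject:
    user: str
    role: str
    org: str


@dataclass
class State:
    history: Dict[str, Set[Tuple[str, str]]] = field(default_factory=dict)  # invoice -> {(user, action)}
    approved: Set[str] = field(default_factory=set)
    audit_log: List[Tuple[str, str, str]] = field(default_factory=list)      # (invoice, user, action)


class ContractViolation(Exception):
    def __init__(self, action: str, kind: str):
        super().__init__(f"{action}: {kind} clause violated")
        self.kind = kind


Pred = Callable[[Subject, str, State], bool]


@dataclass
class Contract:
    """One secure action's access-control policy, encoded as contract clauses."""
    permissions: List[Pred] = field(default_factory=list)   # preconditions: at least one must hold
    prohibitions: List[Pred] = field(default_factory=list)  # preconditions: none may hold
    obligations: List[Pred] = field(default_factory=list)   # postconditions: all must hold afterwards
    invariants: List[Pred] = field(default_factory=list)    # checked before and after the call


def scoped(level: str, value: str) -> Pred:
    """Clause targeted at a single user, a role, or an organization."""
    return lambda s, _inv, _st: getattr(s, level) == value


def separation_of_duty(_s: Subject, _inv: str, state: State) -> bool:
    """Invariant: nobody may both submit and approve the same invoice."""
    return not any({(u, "submit"), (u, "approve")} <= acts
                   for acts in state.history.values() for u, _ in acts)


def logged(action: str) -> Pred:
    """Obligation: the action left an audit entry for this subject and invoice."""
    return lambda s, inv, st: (inv, s.user, action) in st.audit_log


def secure_action(name: str, contract: Contract, body: Callable[[Subject, str, State], None]):
    """Wrap a functional body so every call is checked against its contract."""
    def run(s: Subject, inv: str, st: State) -> None:
        if not all(c(s, inv, st) for c in contract.invariants):
            raise ContractViolation(name, "invariant")
        if not any(c(s, inv, st) for c in contract.permissions):
            raise ContractViolation(name, "permission")
        if any(c(s, inv, st) for c in contract.prohibitions):
            raise ContractViolation(name, "prohibition")
        body(s, inv, st)
        st.history.setdefault(inv, set()).add((s.user, name))
        if not all(c(s, inv, st) for c in contract.obligations):
            raise ContractViolation(name, "obligation")
        if not all(c(s, inv, st) for c in contract.invariants):
            raise ContractViolation(name, "invariant")
    return run


def do_submit(s, inv, st):
    st.audit_log.append((inv, s.user, "submit"))

def do_approve(s, inv, st):
    st.approved.add(inv)
    st.audit_log.append((inv, s.user, "approve"))

def do_reject(s, inv, st):   # deliberately forgets the audit entry its obligation demands
    st.approved.discard(inv)


SUBMIT = secure_action("submit", Contract(
    permissions=[scoped("role", "clerk")],
    obligations=[logged("submit")], invariants=[separation_of_duty]), do_submit)

APPROVE = secure_action("approve", Contract(
    permissions=[scoped("role", "manager"), scoped("user", "carol")],   # role- and user-level grants
    prohibitions=[scoped("org", "external")],                            # org-level prohibition wins
    obligations=[logged("approve"), lambda s, inv, st: inv in st.approved],
    invariants=[separation_of_duty]), do_approve)

REJECT = secure_action("reject", Contract(
    permissions=[scoped("role", "manager")], obligations=[logged("reject")]), do_reject)


def run_scenario(steps) -> List[str]:
    """Execute (action, subject, invoice) steps on a fresh state; one verdict per step."""
    st, verdicts = State(), []
    for action, s, inv in steps:
        try:
            action(s, inv, st)
            verdicts.append("ok")
        except ContractViolation as e:
            verdicts.append(e.kind)
    return verdicts


ALICE = Subject("alice", "clerk", "finance")
BOB = Subject("bob", "manager", "finance")
CAROL = Subject("carol", "clerk", "finance")    # clerk who also holds a user-level approve grant
EVE = Subject("eve", "manager", "external")

SCENARIO = [   # constructed security scenario
    (SUBMIT, ALICE, "inv-1"),   # ok
    (APPROVE, BOB, "inv-1"),    # ok
    (SUBMIT, BOB, "inv-2"),     # permission: managers hold no submit grant
    (SUBMIT, ALICE, "inv-2"),   # ok
    (APPROVE, EVE, "inv-2"),    # prohibition: external organization
    (REJECT, BOB, "inv-2"),     # obligation: the body never wrote the audit entry
    (SUBMIT, CAROL, "inv-3"),   # ok
    (APPROVE, CAROL, "inv-3"),  # invariant: separation of duty
]

if __name__ == "__main__":
    for (_, s, inv), verdict in zip(SCENARIO, run_scenario(SCENARIO)):
        print(f"{s.user:6} {inv}: {verdict}")
```

Running the scenario prints one verdict per step. The last two steps show why the invariant is evaluated after the body as well as before it: Carol passes the user-level permission check for `approve`, and only the post-call separation-of-duty invariant reports the conflict with her earlier `submit`. The `reject` step shows the other direction the abstract mentions, a functional body that does not fulfil the obligation the policy attaches to it. In a simulation each violation is the finding; a run-time guard would additionally encode separation of duty as a prohibition so that the body never executes.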


https://hal.archives-ouvertes.fr/hal-00724267
Contributor: Hakim Belhaouari
Submitted on: Wednesday, February 20, 2013 - 7:00:03 AM
Last modification on: Friday, September 21, 2018 - 10:48:02 AM
Document(s) archived on: Friday, March 31, 2017 - 11:51:39 AM

File: belh-kono13Avril.pdf (files produced by the author(s))

Citation

Hakim Belhaouari, Pierre Konopacki, Régine Laleau, Marc Frappier. A Design by Contract Approach to Verify Access Control Policies. IEEE Computer Society, 2012, pp.263-272. ⟨10.1109/ICECCS.2012.4⟩. ⟨hal-00724267⟩

