Journal articles

A Design by Contract Approach to Verify Access Control Policies

Abstract: In the security domain, access control consists in specifying who can access what, and how, using four well-known concepts: permissions, prohibitions, obligations and separation of duty. The ACA language follows these traits and proposes a novel management of security parameters, with the ability to distinguish policies for a user, a role or an organization inside the secured action. All these concepts are closely related to the design-by-contract domain, which allows us to introduce a method that transforms access control policies into classical contracts (invariants, pre/post-conditions). With this transformation, the usual techniques of model checking can be used to verify access control policies. In our approach, we use the Tamago platform to describe, analyze and simulate the obtained contracts. Security scenarios can also be generated to test an access control policy. The Tamago platform can also be used to test the functional part of the system, in addition to access control verification.
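As an added illustration of the transformation the abstract describes (constructed for this page, not the authors' ACA language or Tamago code), the following Python encodes a small, hypothetical payment policy as contract clauses: permissions and prohibitions become preconditions, an obligation becomes a postcondition, and separation of duty becomes an invariant, with a scenario replay that reports the first violated clause.

```python
from dataclasses import dataclass, field
from typing import Optional

class ContractViolation(Exception):
    """Raised when a contract clause derived from the policy fails."""

@dataclass
class Payment:                      # constructed sample object, not from the paper
    prepared_by: Optional[str] = None
    approved_by: Optional[str] = None
    log: list = field(default_factory=list)

def require(cond, clause):
    if not cond:
        raise ContractViolation(clause)

def invariant(pay):
    # separation of duty: preparer and approver must be different users
    return pay.approved_by is None or pay.approved_by != pay.prepared_by

def prepare(user, role, pay):
    require(role == "clerk", "permission: only clerks may prepare")    # precondition
    require(pay.prepared_by is None, "pre: payment already prepared")
    pay.prepared_by = user
    require(invariant(pay), "separation of duty")                      # invariant
    return pay

def approve(user, role, pay):
    require(role != "guest", "prohibition: guests may never approve")  # precondition
    require(pay.prepared_by is not None, "pre: payment must be prepared first")
    pay.approved_by = user
    pay.log.append(("approve", user))
    require(("approve", user) in pay.log, "obligation: approval must be logged")  # postcondition
    require(invariant(pay), "separation of duty")                      # invariant
    return pay

ACTIONS = {"prepare": prepare, "approve": approve}

def run_scenario(steps):
    """Replay (action, user, role) steps; return None if all clauses hold, else the first violated clause."""
    pay = Payment()
    try:
        for action, user, role in steps:
            ACTIONS[action](user, role, pay)
    except ContractViolation as err:
        return str(err)
    return None
```

Each generated security scenario is just a list of steps, so a policy can be exercised by replaying many such lists and checking which clause, if any, fails.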
Cited literature: 24 references
Contributor : Hakim Belhaouari <>
Submitted on : Wednesday, February 20, 2013 - 7:00:03 AM
Last modification on : Wednesday, February 10, 2021 - 12:30:02 PM
Long-term archiving on: Friday, March 31, 2017 - 11:51:39 AM

Hakim Belhaouari, Pierre Konopacki, Régine Laleau, Marc Frappier. A Design by Contract Approach to Verify Access Control Policies. IEEE Computer Society, 2012, pp.263-272. ⟨10.1109/ICECCS.2012.4⟩. ⟨hal-00724267⟩