A Design by Contract Approach to Verify Access Control Policies

Abstract: In the security domain, access control consists in specifying who can access what and how, using four well-known concepts: permissions, prohibitions, obligations and separation of duty. The ACA language follows these traits and proposes a novel management of security parameters, with the ability to distinguish policies for a user, role or organization inside the secure action. All these concepts, closely related to the design by contract domain, allow us to introduce a method that transforms access control policies into classical contracts (invariants, pre/post-conditions). With this transformation, the usual techniques of model checking can be used to verify access control policies. In our approach, we use the Tamago platform for describing, analyzing and simulating the obtained contract. Security scenarios can also be generated to test an access control policy. The Tamago platform can also be used to test the functional part of the system, and this testing can be used in addition to access control verification.
Document type:
Journal article
IEEE Computer Society, 2012, pp.263-272. 〈10.1109/ICECCS.2012.4〉

Cited literature [24 references]

https://hal.archives-ouvertes.fr/hal-00724267
Contributor: Hakim Belhaouari
Submitted on: Wednesday, 20 February 2013 - 07:00:03
Last modified on: Friday, 21 September 2018 - 10:48:02
Document(s) archived on: Friday, 31 March 2017 - 11:51:39

File

belh-kono13Avril.pdf
Files produced by the author(s)

Citation

Hakim Belhaouari, Pierre Konopacki, Régine Laleau, Marc Frappier. A Design by Contract Approach to Verify Access Control Policies. IEEE Computer Society, 2012, pp.263-272. 〈10.1109/ICECCS.2012.4〉. 〈hal-00724267〉

Metrics

Record views

349

File downloads

261