Formal development of a secure access control filter

Abstract: With the advent of the internet, most organizations offer more and more access to their information systems in order to increase their benefits. However, such an opening may cause security issues if sufficient precautions are not taken. An adequate solution to secure access to information systems consists in (1) defining sufficient security policies and (2) ensuring their correct deployment on a given technological infrastructure. The present paper deals with the first point by introducing a formal approach that makes it possible to develop a secure filter for an information system that respects different kinds of security rules: functional, static and dynamic rules. The proposed approach uses the SecureUML language to express the static rules and adapts UML activity diagrams for the dynamic ones, while the structure of the manipulated data and the functionalities are expressed using a UML class diagram. Starting from these graphical notations, the approach consists in mapping them into a B formal specification to ensure their consistency and validate the system. Finally, a proved filter, which makes it possible to take different security rules into account, is formally derived using the B refinement technique.
Document type: Conference paper
HASE 2016 : 17th International Symposium on High-Assurance Systems Engineering, Jan 2016, Orlando, Florida, United States. IEEE, Proceedings HASE 2016 : 17th International Symposium on High-Assurance Systems Engineering, pp.173 - 180, 2016, 〈10.1109/HASE.2016.10〉

https://hal.archives-ouvertes.fr/hal-01298113
Contributor: Médiathèque Télécom Sudparis & Institut Mines-Télécom Business School
Submitted on: Tuesday, April 5, 2016 - 14:58:49
Last modified on: Thursday, January 11, 2018 - 06:27:35

Citation

Amel Mammar, Thi Mai Nguyen, Régine Laleau. Formal development of a secure access control filter. HASE 2016 : 17th International Symposium on High-Assurance Systems Engineering, Jan 2016, Orlando, Florida, United States. IEEE, Proceedings HASE 2016 : 17th International Symposium on High-Assurance Systems Engineering, pp.173 - 180, 2016, 〈10.1109/HASE.2016.10〉. 〈hal-01298113〉
