Formalisation and Implementation of Access control models

Mathieu Jaume 1 Charles Morisset 1
1 SPI - Sémantiques, preuves et implantation
LIP6 - Laboratoire d'Informatique de Paris 6
Abstract : Access control software must be based on a security policy model. Flaws in them may come from a lack of precision or some incoherences in the policy model or from inconsistencies between the model and the code. In this paper, we first present a formalisation of access control models based on the work on an algebra of security models by J. McLean (1988). Then, we describe the implementation of this framework and show how it can be used to obtain a particular security model: the Bell and La Padula security model. Last, as an example, we show how such a program can be integrated for secure databases. All our development is done within the Focal (Rioboo et al., 2004) programming environment which provides a language with object-oriented features allowing to write formal specifications, proofs and programs at the same level.
Document type :
Conference papers
Complete list of metadatas

https://hal.archives-ouvertes.fr/hal-01416686
Contributor : Lip6 Publications <>
Submitted on : Wednesday, December 14, 2016 - 5:05:09 PM
Last modification on : Thursday, March 21, 2019 - 12:58:57 PM

Identifiers

Citation

Mathieu Jaume, Charles Morisset. Formalisation and Implementation of Access control models. ITCC 2005 - International Conference on Information Technology: Coding and Computing, Apr 2005, Las Vegas, United States. pp.703-708, ⟨10.1109/ITCC.2005.154⟩. ⟨hal-01416686⟩

Share

Metrics

Record views

79