Rigorous Analysis of UML Access Control Policy Models

Sun, Wuliang; France, Robert; Ray, Indrakshi

doi:10.1109/policy.2011.30

Cited by 16 publications

(9 citation statements)

References 15 publications

(18 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The slicing technique is used to improve the efficiency of a model analysis technique that involves checking a sequence of operation invocations to uncover violations in specified invariants [SFR11]. The slicing approach automatically generates slicing criteria consisting of a subset of invariants and operation specifications, and uses the criteria to extract metamodel fragments, where each metamodel fragment can be analyzed separately.…”

Section: Model Slicingmentioning

confidence: 99%

Using Slicing to Improve the Performance of Model Invariant Checking.

Sun¹,

Combemale²,

France³

et al. 2015

JOT

Self Cite

View full text Add to dashboard Cite

In Model Driven Development (MDD), it is important to ensure that a model conforms to the invariants defined in the metamodel. Such invariant checking can improve developers' understanding of modeled aspects of complex systems and uncover structural errors in design models. General-purpose rigorous analysis tools that check invariants are likely to perform the analysis over the entire metamodel and model. Since modern day software is exceedingly complex, the size of the model together with the metamodel can be very large. Consequently, invariant checking can take a very long time. For example, checking a model consisting of 5,000 elements can take up to several hours if the analysis completes. Moreover, sometimes the analysis process cannot be completed as the system resources get exhausted. To this end, we introduce model slicing within the invariant checking process, and use a slicing technique to reduce the size of the inputs in order to make invariant checking of large models feasible with existing tools. The evaluation we performed provides evidence that model slicing can significantly reduce the time to perform the invariant checking. In the experiments that we conducted, we achieved speedups ranging from 1.5 to 36.0 and we also demonstrate the correctness of the checking results.

show abstract

Section: Model Slicingmentioning

confidence: 99%

Using Slicing to Improve the Performance of Model Invariant Checking.

Sun¹,

Combemale²,

France³

et al. 2015

JOT

Self Cite

View full text Add to dashboard Cite

show abstract

“…Song et al use Aspect-Oriented Modelling to represent RBAC policies as crosscutting concerns in a UML model, and provides support for verifying properties that the model should satisfy [38]. Sun et al translate UML models to Alloy in order to verify properties using a SAT solver [39]. Finally, Sohr et al concentrate on the satisfaction of constraints such as separation of duty, using OCL [37], as well as dynamic, time-based constraints [26], using a domain-specific modelling language (DSML) for RBAC.…”

Section: Access Control and Verificationmentioning

confidence: 99%

Run-time generation, transformation, and verification of access control models for self-protection

Bailey

Montrieux

Lemos

et al. 2014

Proceedings of the 9th International Symposium on Software Engineering for Adaptive and Self-Managing Systems

View full text Add to dashboard Cite

Self-adaptive access control, in which self-* properties are applied to protecting systems, is a promising solution for the handling of malicious user behaviour in complex infrastructures. A major challenge in self-adaptive access control is ensuring that chosen adaptations are valid, and produce a satisfiable model of access. The contribution of this paper is the generation, transformation and verification of Role Based Access Control (RBAC) models at run-time, as a means for providing assurances that the adaptations to be deployed are valid. The goal is to protect the system against insider threats by adapting at run-time the access control policies associated with system resources, and access rights assigned to users. Depending on the type of attack, and based on the models from the target system and its environment, the adapted access control models need to be evaluated against the RBAC metamodel, and the adaptation constraints related to the application. The feasibility of the proposed approach has been demonstrated in the context of a fully working prototype using malicious scenarios inspired by a well documented case of insider attack.

show abstract

“…Several papers have examined the automated verification of AC models and generic policies, and a number of techniques have been proposed to verify them [8], [9], [15], [16], [17], [18], [19], [20]. The great number of different techniques is mostly the result of the need for more expressive power or better performance.…”

Section: Related Workmentioning

confidence: 99%

Verification of Secure Inter-operation Properties in Multi-domain RBAC Systems

Gouglidis

Mavridis

2013

2013 IEEE Seventh International Conference on Software Security and Reliability Companion

View full text Add to dashboard Cite

The increased complexity of modern access control (AC) systems stems partly from the need to support diverse and multiple administrative domains. Systems engineering is a key technology to manage this complexity since it is capable of assuring that an operational system will adhere to the initial conceptual design and defined requirements. Specifically, the verification stage of an AC system should be based on techniques that have a sound and mathematical underpinning. Working on this assumption, model checking techniques are applied for the verification of predefined system properties, and thus, conducting a security analysis of a system. In this paper, we propose the utilization of automated and error-free model checking techniques for the verification of security properties in multidomain AC systems. Therefore, we propose a formal definition in temporal logic of four AC system properties regarding secure inter-operation with Role-Based Access Control (RBAC) policies in order to be verified by using model checking. For this purpose, we demonstrate the implementation of a tool chain for expressing RBAC security policies, reasoning on role hierarchies and properly feeding the model checking process. The proposed approach can be applied in any RBAC model to efficiently detect non-conformance between an AC system and its security specifications. As a proof of concept, we provide examples illustrating the verification of the defined secure inter-operation properties in multi-domain RBAC policies.

show abstract

Rigorous Analysis of UML Access Control Policy Models

Cited by 16 publications

References 15 publications

Using Slicing to Improve the Performance of Model Invariant Checking.

Using Slicing to Improve the Performance of Model Invariant Checking.

Run-time generation, transformation, and verification of access control models for self-protection

Verification of Secure Inter-operation Properties in Multi-domain RBAC Systems

Contact Info

Product

Resources

About