Modelling and Verification of Dynamic Role-Based Access Control

Inna Vistbakka; Elena Troubitsyna

doi:10.1007/978-3-030-00359-3_4

Modelling and Verification of Dynamic Role-Based Access Control

Inna Vistbakka, Elena Troubitsyna

Informaatioteknologia

Tutkimustuotos: Artikkeli kirjassa/raportissa/konferenssijulkaisussa › Konferenssiartikkeli › Tieteellinen › vertaisarvioitu

7 Sitaatiot (Scopus)

Abstrakti

Controlling access to resources is essential for ensuring correctness of system functioning. Role-Based Access Control (RBAC) is a popular authorisation model that regulates the user’s rights to manage system resources based on the user’s role. In this paper, we extend the traditional static approach to defining RBAC and propose as well as formalise a dynamic RBAC model. It allows a designer to explicitly define the dependencies between the system states and permissions to access and modify system resources. To facilitate a systematic description and verification of the dynamic access rights, we propose a contract-based approach and then we demonstrate how to model and verify dynamic RBAC in Event-B. The approach is illustrated by a case study -- a reporting management system.

Alkuperäiskieli	Ei tiedossa
Otsikko	Verification and Evaluation of Computer and Communication Systems - 12th International Conference, VECoS 2018, Grenoble, France, September 26-28, 2018, Proceedings
Toimittajat	Mohamed Faouzi Atig, Saddek Bensalem, Simon Bliudze, Bruno Monsuez
Kustantaja	Springer
Sivut	48–63
ISBN (elektroninen)	978-3-030-00359-3
ISBN (painettu)	978-3-030-00358-6
DOI - pysyväislinkit	https://doi.org/10.1007/978-3-030-00359-3_4
Tila	Julkaistu - 2018
OKM-julkaisutyyppi	A4 Artikkeli konferenssijulkaisuussa
Tapahtuma	International Conference on Verification and Evaluation of Computer and Communication Systems, VECoS - 12th International Conference on Verification and Evaluation of Computer and Communication Systems, VECoS 2018 Kesto: 26 syysk. 2018 → 28 syysk. 2018

Konferenssi

Konferenssi	International Conference on Verification and Evaluation of Computer and Communication Systems, VECoS
Ajanjakso	26/09/18 → 28/09/18

Pääsy asiakirjaan

10.1007/978-3-030-00359-3_4

LARA: Learning and Assessing Risks for Enhancing Dependability of Autonomous Socio- Technical Systems
Troubitsyna, E. (Vastuullinen tutkija), Vistbakka, I. (CoI) & Majd, A. (CoI)
01/01/18 → 31/12/19
Projekti: Research Council of Finland/Other Research Councils

Viittausmuodot

Vistbakka, I., & Troubitsyna, E. (2018). Modelling and Verification of Dynamic Role-Based Access Control. teoksessa M. Faouzi Atig, S. Bensalem, S. Bliudze, & B. Monsuez (Toimittajat), Verification and Evaluation of Computer and Communication Systems - 12th International Conference, VECoS 2018, Grenoble, France, September 26-28, 2018, Proceedings (Sivut 48–63). Springer. https://doi.org/10.1007/978-3-030-00359-3_4

Vistbakka, Inna ; Troubitsyna, Elena. / Modelling and Verification of Dynamic Role-Based Access Control. Verification and Evaluation of Computer and Communication Systems - 12th International Conference, VECoS 2018, Grenoble, France, September 26-28, 2018, Proceedings. Toimittaja / Mohamed Faouzi Atig ; Saddek Bensalem ; Simon Bliudze ; Bruno Monsuez. Springer, 2018. Sivut 48–63

@inproceedings{bbb058078b7a4d92afdbcdfe85c7beff,

title = "Modelling and Verification of Dynamic Role-Based Access Control",

abstract = "Controlling access to resources is essential for ensuring correctness of system functioning. Role-Based Access Control (RBAC) is a popular authorisation model that regulates the user{\textquoteright}s rights to manage system resources based on the user{\textquoteright}s role. In this paper, we extend the traditional static approach to defining RBAC and propose as well as formalise a dynamic RBAC model. It allows a designer to explicitly define the dependencies between the system states and permissions to access and modify system resources. To facilitate a systematic description and verification of the dynamic access rights, we propose a contract-based approach and then we demonstrate how to model and verify dynamic RBAC in Event-B. The approach is illustrated by a case study -- a reporting management system.",

author = "Inna Vistbakka and Elena Troubitsyna",

year = "2018",

doi = "10.1007/978-3-030-00359-3_4",

language = "Odefinierat/ok{\"a}nt",

isbn = "978-3-030-00358-6",

pages = "48–63",

editor = "{Faouzi Atig}, Mohamed and Saddek Bensalem and Simon Bliudze and Bruno Monsuez",

booktitle = "Verification and Evaluation of Computer and Communication Systems - 12th International Conference, VECoS 2018, Grenoble, France, September 26-28, 2018, Proceedings",

publisher = "Springer",

note = "International Conference on Verification and Evaluation of Computer and Communication Systems, VECoS ; Conference date: 26-09-2018 Through 28-09-2018",

}

Vistbakka, I & Troubitsyna, E 2018, Modelling and Verification of Dynamic Role-Based Access Control. julkaisussa M Faouzi Atig, S Bensalem, S Bliudze & B Monsuez (toim), Verification and Evaluation of Computer and Communication Systems - 12th International Conference, VECoS 2018, Grenoble, France, September 26-28, 2018, Proceedings. Springer, Sivut 48–63, International Conference on Verification and Evaluation of Computer and Communication Systems, VECoS, 26/09/18. https://doi.org/10.1007/978-3-030-00359-3_4

Modelling and Verification of Dynamic Role-Based Access Control. / Vistbakka, Inna; Troubitsyna, Elena.
Verification and Evaluation of Computer and Communication Systems - 12th International Conference, VECoS 2018, Grenoble, France, September 26-28, 2018, Proceedings. toim. / Mohamed Faouzi Atig; Saddek Bensalem; Simon Bliudze; Bruno Monsuez. Springer, 2018. s. 48–63.

Tutkimustuotos: Artikkeli kirjassa/raportissa/konferenssijulkaisussa › Konferenssiartikkeli › Tieteellinen › vertaisarvioitu

TY - GEN

T1 - Modelling and Verification of Dynamic Role-Based Access Control

AU - Vistbakka, Inna

AU - Troubitsyna, Elena

PY - 2018

Y1 - 2018

N2 - Controlling access to resources is essential for ensuring correctness of system functioning. Role-Based Access Control (RBAC) is a popular authorisation model that regulates the user’s rights to manage system resources based on the user’s role. In this paper, we extend the traditional static approach to defining RBAC and propose as well as formalise a dynamic RBAC model. It allows a designer to explicitly define the dependencies between the system states and permissions to access and modify system resources. To facilitate a systematic description and verification of the dynamic access rights, we propose a contract-based approach and then we demonstrate how to model and verify dynamic RBAC in Event-B. The approach is illustrated by a case study -- a reporting management system.

AB - Controlling access to resources is essential for ensuring correctness of system functioning. Role-Based Access Control (RBAC) is a popular authorisation model that regulates the user’s rights to manage system resources based on the user’s role. In this paper, we extend the traditional static approach to defining RBAC and propose as well as formalise a dynamic RBAC model. It allows a designer to explicitly define the dependencies between the system states and permissions to access and modify system resources. To facilitate a systematic description and verification of the dynamic access rights, we propose a contract-based approach and then we demonstrate how to model and verify dynamic RBAC in Event-B. The approach is illustrated by a case study -- a reporting management system.

U2 - 10.1007/978-3-030-00359-3_4

DO - 10.1007/978-3-030-00359-3_4

M3 - Publicerad konferensartikel

SN - 978-3-030-00358-6

SP - 48

EP - 63

BT - Verification and Evaluation of Computer and Communication Systems - 12th International Conference, VECoS 2018, Grenoble, France, September 26-28, 2018, Proceedings

A2 - Faouzi Atig, Mohamed

A2 - Bensalem, Saddek

A2 - Bliudze, Simon

A2 - Monsuez, Bruno

PB - Springer

T2 - International Conference on Verification and Evaluation of Computer and Communication Systems, VECoS

Y2 - 26 September 2018 through 28 September 2018

ER -

Vistbakka I, Troubitsyna E. Modelling and Verification of Dynamic Role-Based Access Control. julkaisussa Faouzi Atig M, Bensalem S, Bliudze S, Monsuez B, toimittajat, Verification and Evaluation of Computer and Communication Systems - 12th International Conference, VECoS 2018, Grenoble, France, September 26-28, 2018, Proceedings. Springer. 2018. s. 48–63 doi: 10.1007/978-3-030-00359-3_4

Modelling and Verification of Dynamic Role-Based Access Control

Abstrakti

Konferenssi

Pääsy asiakirjaan

Projektit

LARA: Learning and Assessing Risks for Enhancing Dependability of Autonomous Socio- Technical Systems

Viittausmuodot