Validation of IS Security Policies Featuring Authorisation Constraints-Reference-Cited by-同舟云学术

Validation of IS Security Policies Featuring Authorisation Constraints

Published:2015-01 Issue:1 Volume:6 Page:24-46
ISSN:1947-8186
Container-title:International Journal of Information System Modeling and Design
language:en
Short-container-title:

Author:

Ledru Yves¹,Idani Akram¹,Milhau Jérémy²,Qamar Nafees¹,Laleau Régine²,Richier Jean-Luc³,Labiadh Mohamed Amine¹

Affiliation:

1. University Grenoble Alpes, LIG, Grenoble, France

2. Université Paris-Est, LACL, UPEC, IUT Sénart-Fontainebleau, France

3. CNRS, LIG, Grenoble, France

Abstract

Designing a security policy for an information system (IS) is a non-trivial task. Variants of the RBAC model can be used to express such policies as access-control rules associated to constraints. In this paper, we advocate that currently available tools do not take sufficiently into account the functional description of the application and its impact on authorisation constraints and dynamic aspects of security. The authors suggest translating both security and functional models into a formal language, such as B, whose analysis and animation tools will help validate a larger set of security scenarios. The authors describe how various kinds of constraints can be expressed and animated in this context. The authors also present a tool support which performs this translation and report on a case study where animation and testing techniques were used to validate the security policy of a medical emergency information system.

Publisher

IGI Global

Subject

Management of Technology and Innovation,Information Systems

Reference47 articles.

1. The B-Book

2. Towards realizing a formal RBAC model in real systems

3. Autrel, F., Cuppens, F., Cuppens-Boulahia, N., & Coma-Brebel, C. (2008). MotOrBAC 2: a security policy tool. In SARSSI’08: 3ème conf. sur la Sécurité des Architectures Réseaux et des Systèmes d’Information.

4. Automated analysis of security-design models

5. A decade of model-driven security

Cited by 6 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Formalizing the Relationship between Security Policies and Objectives in Software Architectures;2023 IEEE 20th International Conference on Software Architecture Companion (ICSA-C);2023-03

2. Towards a model driven formal approach for merging data, access control and business processes;Proceedings of the 23rd ACM/IEEE International Conference on Model Driven Engineering Languages and Systems: Companion Proceedings;2020-10-16

3. Smart Device Authentication Based on Online Handwritten Script Identification and Word Recognition in Indic Scripts Using Zone-Wise Features;International Journal of Information System Modeling and Design;2018-01

4. Distributed Reconfigurable B approach for the specification and verification of B-based distributed reconfigurable control systems;Advances in Mechanical Engineering;2017-11

5. IDS Using Reinforcement Learning Automata for Preserving Security in Cloud Environment;International Journal of Information System Modeling and Design;2017-10