Modeling and Re-Evaluating Security in an Incremental Development of RBAC-Based Systems Using B Method-Reference-Cited by-同舟云学术

Modeling and Re-Evaluating Security in an Incremental Development of RBAC-Based Systems Using B Method

Published:2019 Issue: Volume: Page:104-135
ISSN:1948-9730
Container-title:Exploring Security in Software Architecture and Design
language:
Short-container-title:

Author:

Al-Hadhrami Nasser Al-Mur¹

Affiliation:

1. Ministry of Education, Oman

Abstract

Incremental software development through the addition of new features and access rules potentially creates security flaws due to inconsistent access control models. Discovering such flaws in software architectures is commonly performed with formal techniques that allow the verification of the correctness of a system and its compliance with applicable policies. In this chapter, the authors propose the use of the B method to formally, and incrementally, design and evaluate the security of systems running under role-based access control (RBAC) policies. They use an electronic marking system (EMS) as a case study to demonstrate the iterative development of RBAC models and the role of the B language in exploring and re-evaluating the security of the system as well as addressing inconsistencies caused by incremental software development. Two formal approaches of model checking and proof obligations are used to verify the correctness of the RBAC specification.

Publisher

IGI Global

Reference26 articles.

1. The B-Book

2. Towards realizing a formal RBAC model in real systems

3. An Incremental B-Model for RBAC-Controlled Electronic Marking System

4. Tool-Assisted Multi-Facet Analysis of Formal Specifications (Using Alelier-B and ProB). Proc.;C.Attiogbe;IASTED Conf. on Software Engineering,2009

5. Industrial Use of Formal Methods