Journal article, Journal of Universal Computer Science, 2007

Specification and Refinement of Access Control

Abstract

We consider the extension of fair event system specifications by concepts of access control (prohibitions, user rights, and obligations). We give proof rules for verifying that an access control policy is correctly implemented in a system, and consider preservation of access control by refinement of event systems. Prohibitions and obligations are expressed as properties of traces and are preserved by standard refinement notions of event systems. Preservation of user rights is not guaranteed by construction; we propose to combine implementation-level user rights and obligations to implement high-level user rights.

Dates and versions

inria-00147824, version 1 (21-05-2007)

Identifiers

  • HAL Id: inria-00147824, version 1

Cite

Dominique Méry, Stephan Merz. Specification and Refinement of Access Control. Journal of Universal Computer Science, 2007, 13 (8), pp.1073-1093. ⟨inria-00147824⟩