Validation of IS Security Policies featuring Authorisation Constraints

Abstract : Designing a security policy for an information system (IS) is a non-trivial task. Variants of the RBAC model can be used to express such policies as access-control rules associated to constraints. In this paper, we advocate that currently available tools do not take sufficiently into account the functional description of the application and its impact on authorisation constraints and dynamic aspects of security. We suggest translating both security and functional models into a formal language, such as B, whose analysis and animation tools will help validate a larger set of security scenarios. We describe how various kinds of constraints can be expressed and animated in this context. We also present a tool support which performs this translation and report on a case study where animation and testing techniques were used to validate the security policy of a medical emergency information system.
Type de document :
Article dans une revue
International Journal of Information System Modeling and Design, IGI Global, 2015, 6 (1), pp.24-46
Liste complète des métadonnées

https://hal.inria.fr/hal-00976108
Contributeur : Catherine Oriat <>
Soumis le : mercredi 9 avril 2014 - 16:19:50
Dernière modification le : jeudi 11 janvier 2018 - 06:22:07

Identifiants

  • HAL Id : hal-00976108, version 1

Collections

Citation

Yves Ledru, Akram Idani, Jérémy Milhau, Muhammad Nafees Qamar, Régine Laleau, et al.. Validation of IS Security Policies featuring Authorisation Constraints. International Journal of Information System Modeling and Design, IGI Global, 2015, 6 (1), pp.24-46. 〈hal-00976108〉

Partager

Métriques

Consultations de la notice

220