Web Results

ieeexplore.ieee.org/document/4441714

Based upon these specifications, we attempt to formally verify role-based access control policies with the help of a theorem prover and to validate policies with the USE system, a validation tool for OCL constraints. We also describe an authorisation engine, which supports the enforcement of authorisation constraints .

ieeexplore.ieee.org/document/4358710

Towards Formal Verification of Role-Based Access Control Policies. Abstract: Specifying and managing access control policies is a challenging problem. We propose to develop formal verification techniques for access control policies to improve the current state of the art of policy specification and management.

arxiv.org/abs/1503.07645

Mar 26, 2015 ... Abstract: Access control policies are used to restrict access to sensitive records for authorized users only. One approach for specifying policies is using role based access control (RBAC) where authorization is given to roles instead of users. Users are assigned to roles such that each user can access all the ...

citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.126.907&rep=rep1&type=pdf

Based upon these specifications, we attempt to formally verify role-based access control policies with the help of a theorem prover and to validate policies with the USE system, a validation tool for OCL constraints. We also describe an authorization engine, which supports the enforcement of authorization constraints .

www.sciencedirect.com/science/article/pii/S0164121215001041

We present a taxonomy of the various types of role-based access control policies proposed in the literature. •. We propose the GemRBAC model, a generalized model for RBAC. •. This model includes all the entities required to define the classified policies. •. We formalize the classified policies as OCL constraints on the ...

www.cs.purdue.edu/homes/ninghui/papers/rbac_analysis_tdsc08.pdf

Abstract— Specifying and managing access control poli- cies is a challenging problem. We propose to develop formal verification techniques for access control policies to improve the current state of the art of policy specification and management. In this paper, we formalize classes of security analysis problems in the ...

madhu.cs.illinois.edu/CAV14vac.pdf

Abstract. In this paper we present Vac, an automatic tool for ver- ifying security properties of administrative Role-based Access Control. (RBAC). RBAC has become an increasingly popular access control model, particularly suitable for large organizations, and it is implemented in sev- eral software. Automatic security ...

www.computer.org/csdl/trans/tk/2008/07/ttk2008070924.html

Analyzing and Managing Role-Based Access Control Policies. Karsten Sohr Michael Drouineaud Gail-Joon Ahn, IEEE Martin Gogolla. Pages: pp. 924-939. Abstract—Today, more and more sensitive data is stored on computer systems; security-critical business processes are mapped to their digital counterparts.

link.springer.com/chapter/10.1007/978-3-662-43936-4_17

Abstract. We consider the safety problem for Administrative Role-Based Access Control (ARBAC) policies, i.e. detecting whether sequences of administrative actions can result in policies by which a user can acquire permissions that may compromise some security goals. In particular, we are interested in sequences of  ...