Incremental development of RBAC-controlled E-marking system using the B method

Al-Hadhrami, Nasser; Aziz, Benjamin; Sardesai, Shantanu; Othmane, Lotfi ben

doi:10.1109/ARES.2015.95

2015

Conference Paper

Abstract

Role-based Access Control (RBAC) models are access policies that associate access rights to roles of subjects on objects. The incremental development of software by adding new features and the insertion of new access rules potentially render the model inconsistent and create security flaws. This paper proposes modeling (RBAC) models using the B language such that it is possible to reevaluate the consistency of the models following model changes. It shows the mechanism of formalizing (RBAC) policies of an Electronic Marking System (EMS) using B specifications and illustrates the verification of the consistency of the (RBAC) specification, using model checking and proof obligations.

Author(s)

Al-Hadhrami, Nasser

Aziz, Benjamin

Sardesai, Shantanu

Othmane, Lotfi ben

Mainwork

10th International Conference on Availability, Reliability and Security, ARES 2015. Proceedings

Conference

International Conference on Availability, Reliability and Security (ARES) 2015

International Workshop on Agile Secure Software Development (ASSD) 2015

Options

Incremental development of RBAC-controlled E-marking system using the B method