Meca: A Tool for Access Control Models

Access Control is a technique which insures security by preserving confidentiality and integrity of information. Meca (Models for access control) is a tool which generates, in a B machine, operational conditions that should be verified by an application to insure security. The inputs of Meca are a B machine offering a format for presenting a security model and a functional model containing the presentation of an application with its sensitive entities like variables and operations. The format of a security model provides a declarative representation of the access distribution in the system at a given moment. It is done according to various models related to three branches policies: discretionary policies model (DAC)[4], Bell and LaPadula model (BLP) [1], Biba model (Biba) [2] and role based access control model (RBAC) [3]. Meca generates access rules in a B machine called security kernel. Security kernel offers secure services under witch sensitive entities of functional model can be manipulated. The format of the security kernel varies depending of the security policy model type. In access control scope, Objects are passive entities that represent system resources and should be protected. Subjects are active entities accessing to objects and possessing rights to manipulate them. Figure 1 presents Meca with his inputs and outputs components. We illustrate our approach and Meca with a small part of a bank card example.