A formal approach to implement access control models
Authors
Abstract
Access control software must be based on a security policy model. Flaws in such software may come from a lack of precision or incoherences in the policy model, or from inconsistencies between the model and the code. In this paper, we present a formalisation of access control models, based on the algebra of security models introduced by J. McLean [10], together with a description of its implementation in an environment, namely Focal [17], which provides a language with object-oriented features that allows one to write formal specifications, proofs and programs at the same level. Then, we show how such a formal development can be used to obtain a particular security model: the Bell and LaPadula security model. Last, as an example, we show how such a program can be integrated for secure databases.
Similar resources
CAMAC: a context-aware mandatory access control model
Mandatory access control models have traditionally been employed as a robust security mechanism in multilevel security environments such as military domains. In traditional mandatory models, the security classes associated with entities are context-insensitive. However, context-sensitivity of security classes and flexibility of access control mechanisms may be required especially in pervasive c...
A Rule-Set Approach to Formal Modeling of a Trusted Computer System
This article describes a rule-set approach to formal modeling of a trusted computer system. A finite state machine models the access operations of the trusted system while a separate rule set expresses the system's trust policies. A powerful feature of this approach is its ability to fit several widely differing trust policies easily within the same model. The paper shows how this approach to m...
Relationship based access control
Relationship Based Access Control (ReBAC) has emerged as a popular alternative to traditional access control models, such as Role Based Access Control (RBAC) and Attribute Based Access Control (ABAC). However, some of the model’s aspects, such as its expression language and delegation abilities have not been studied in depth. Furthermore, existing ReBAC models cater to single policy control, th...
Generating Monitors for Usage Control
Protecting computational resources and digital information against unauthorized access is one of the fundamental security requirements in modern computer systems. Usage control addresses the control of computational resources after access has been granted. Despite its fundamental importance, no systematic methods exist to implement formal usage control specifications. This paper presents a mode...
A context-sensitive dynamic role-based access control model for pervasive computing environments
Resources and services are accessible in pervasive computing environments from anywhere and at any time. Also, due to the ever-changing nature of such environments, the identity of users is unknown. However, users must be able to access the required resources based on their contexts. These and other similar complexities necessitate dynamic and context-aware access control models for such environmen...