A Valid and Correct-by-Construction Formal Specification of RBAC

Controlling access to data is one of the primary purposes of security, especially when it comes to safety-critical systems. In such systems, it is of paramount importance to define access control models rigorously. In this article, a correct-by-construction specification of RBAC using the Event-B formal method is proposed. The specification ties the model properties closely to the behavioural aspect of RBAC by expressing them as guards of events, which allows a priori verification. Accordingly, the resulting specification is correct by construction and avoids the combinatorial explosion problem. In addition, a number of refinement operations are performed, leading to a specification with several abstraction levels, where each level implements selected RBAC entities. The approach is illustrated by an instantiation of a healthcare system.
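The central idea of the abstract, that RBAC properties are enforced as guards on the events that change state, so that every reachable state satisfies the invariants without exploring the state space, can be shown in executable form. The following Python model is an added illustration written for this page; it is not the paper's Event-B specification and it models only one abstraction level (core RBAC with a static separation-of-duty constraint), not the paper's refinement chain. The `invariant` function plays the role of Event-B invariants, each event function checks its guard before modifying state, and the healthcare-style users, roles and permissions (`alice`, `physician`, `prescribe`, ...) are constructed sample data.

```python
# Added illustration (not the paper's Event-B model): RBAC events whose guards
# enforce the model invariants, so every reachable state satisfies them by
# construction. Users, roles and permissions are constructed sample data.
import random
from dataclasses import dataclass, field


class GuardFailed(Exception):
    """Raised when an event's guard does not hold; the state is left unchanged."""


@dataclass
class RBACState:
    users: set = field(default_factory=set)
    roles: set = field(default_factory=set)
    perms: set = field(default_factory=set)
    ua: set = field(default_factory=set)   # user-role assignments: (user, role)
    pa: set = field(default_factory=set)   # permission assignments: (role, perm)
    ssd: set = field(default_factory=set)  # static SoD pairs: frozenset({r1, r2})


def roles_of(s: RBACState, u: str) -> set:
    return {r for (uu, r) in s.ua if uu == u}


def invariant(s: RBACState) -> bool:
    """Model properties every reachable state must satisfy (analogue of Event-B 'inv')."""
    ua_typed = all(u in s.users and r in s.roles for u, r in s.ua)
    pa_typed = all(r in s.roles and p in s.perms for r, p in s.pa)
    # No user may hold both roles of a static separation-of-duty pair.
    sod_ok = all(not pair <= roles_of(s, u) for u in s.users for pair in s.ssd)
    return ua_typed and pa_typed and sod_ok


# --- events: each checks its guard first, then performs its action ---------

def add_user(s: RBACState, u: str) -> None:
    if u in s.users:
        raise GuardFailed(f"user {u!r} already exists")
    s.users.add(u)


def add_role(s: RBACState, r: str) -> None:
    if r in s.roles:
        raise GuardFailed(f"role {r!r} already exists")
    s.roles.add(r)


def add_perm(s: RBACState, p: str) -> None:
    if p in s.perms:
        raise GuardFailed(f"permission {p!r} already exists")
    s.perms.add(p)


def declare_ssd(s: RBACState, r1: str, r2: str) -> None:
    # Guard: both roles exist, are distinct, and nobody currently holds both.
    if r1 == r2 or not {r1, r2} <= s.roles:
        raise GuardFailed("SSD pair must name two distinct existing roles")
    if any({r1, r2} <= roles_of(s, u) for u in s.users):
        raise GuardFailed("an existing user already holds both roles")
    s.ssd.add(frozenset({r1, r2}))


def assign_role(s: RBACState, u: str, r: str) -> None:
    # Guard: typing (user and role exist) plus the SoD constraint.
    if u not in s.users or r not in s.roles:
        raise GuardFailed("unknown user or role")
    if any(frozenset({r, held}) in s.ssd for held in roles_of(s, u)):
        raise GuardFailed(f"assigning {r!r} to {u!r} violates separation of duty")
    s.ua.add((u, r))


def grant_perm(s: RBACState, r: str, p: str) -> None:
    if r not in s.roles or p not in s.perms:
        raise GuardFailed("unknown role or permission")
    s.pa.add((r, p))


def check_access(s: RBACState, u: str, p: str) -> bool:
    """Authorization query: some role of u carries permission p."""
    return any((r, p) in s.pa for r in roles_of(s, u))


# --- a small healthcare-style instance (constructed data) -------------------

def healthcare_instance() -> RBACState:
    s = RBACState()
    for u in ("alice", "bob"):
        add_user(s, u)
    for r in ("physician", "pharmacist"):
        add_role(s, r)
    for p in ("prescribe", "dispense"):
        add_perm(s, p)
    grant_perm(s, "physician", "prescribe")
    grant_perm(s, "pharmacist", "dispense")
    declare_ssd(s, "physician", "pharmacist")
    assign_role(s, "alice", "physician")
    assign_role(s, "bob", "pharmacist")
    return s


def sod_violation_rejected(s: RBACState) -> bool:
    """Try to give alice the pharmacist role; the guard must refuse and leave state intact."""
    before = set(s.ua)
    try:
        assign_role(s, "alice", "pharmacist")
    except GuardFailed:
        return s.ua == before and invariant(s)
    return False


def random_walk_preserves_invariant(steps: int = 500, seed: int = 1) -> bool:
    """Fire random guarded events; the invariant holds after every step, with no
    need to enumerate the reachable state space."""
    rng = random.Random(seed)
    s = healthcare_instance()
    events = [
        lambda: add_user(s, f"u{rng.randrange(5)}"),
        lambda: assign_role(s, rng.choice(sorted(s.users)), rng.choice(sorted(s.roles))),
        lambda: grant_perm(s, rng.choice(sorted(s.roles)), rng.choice(sorted(s.perms))),
    ]
    for _ in range(steps):
        try:
            rng.choice(events)()
        except GuardFailed:
            pass  # rejected event: state unchanged by construction
        if not invariant(s):
            return False
    return True
```

The point to notice is that `invariant` is never consulted by the events themselves: each guard is strong enough that the invariant is preserved by every enabled transition, which is what an Event-B proof obligation would establish once and for all. The random walk only confirms at run time what the guards guarantee statically; in the paper's setting that confirmation is replaced by discharged proof obligations, which is why no state-space exploration is needed.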
