A Verification Framework for Temporal RBAC with Role Hierarchy (Short Paper)

In this paper, a Timed Automata (TA) based verification framework is proposed for Temporal RBAC. Roles, users and permissions, the three basic components of RBAC, are modeled using TA. These components interact with each other through channel synchronization. A parallel composition of TA is used to construct the complete system. Temporal constraints on roles, user-role assignments and role-permission assignments are conveniently expressed in this representation. Furthermore, both role hierarchy and separation of duty (SoD) have been incorporated in the proposed framework. Security properties are specified using Computation Tree Logic (CTL) and verified by model checking.
