Towards formal specification and verification of a role-based authorization engine using JML

Employing flexible access control mechanisms, formally specifying and correctly implementing the relevant security properties, and ensuring that the implementation satisfies its formal specification are important steps towards organization-wide access control that maintains the characteristics of software quality. In the access control arena, role-based access control (RBAC) has emerged as a powerful model for laying out and developing higher-level organizational rules such as separation of duty, and for simplifying access management. One important aspect of RBAC is authorization constraints, which allow such organizational rules to be expressed. The Java Modeling Language (JML), meanwhile, has evolved into a flexible formal behavioral interface specification language that supports a Design by Contract (DBC) approach to developing software written in Java. In this paper, we adopt JML as a DBC approach to implement a prototype of a role-based authorization engine. We focus specifically on how JML can be used to precisely specify the functional behavior of the authorization engine, including constraints such as authorization constraints and integrity constraints. We employ a few JML tools to verify the correctness of the authorization engine's implementation against its JML specification.
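To make the approach concrete, the following is an added illustration (not the paper's prototype, whose code the abstract does not show) of how a static separation-of-duty authorization constraint and a role-existence integrity constraint can be written as JML invariants, with pre- and postconditions on the role-assignment operation; the class name, field layout and method names are assumptions.

```java
import java.util.*;

// Hypothetical RBAC engine with JML contracts; added illustration, not the paper's prototype.
public class RbacEngine {
    /** user -> roles assigned to that user */
    private final /*@ spec_public @*/ Map<String, Set<String>> userRoles = new HashMap<>();
    /** role -> permissions granted by that role */
    private final /*@ spec_public @*/ Map<String, Set<String>> rolePerms = new HashMap<>();
    /** role -> roles it is mutually exclusive with (static separation of duty, kept symmetric) */
    private final /*@ spec_public @*/ Map<String, Set<String>> ssd = new HashMap<>();
    // Integrity constraint: a user is only ever assigned roles that exist.
    /*@ public invariant (\forall String u; userRoles.containsKey(u);
      @     rolePerms.keySet().containsAll(userRoles.get(u))); @*/
    // Authorization constraint (SSD): no user holds two mutually exclusive roles.
    /*@ public invariant (\forall String u; userRoles.containsKey(u);
      @     (\forall String r; userRoles.get(u).contains(r);
      @         !ssd.containsKey(r) || Collections.disjoint(ssd.get(r), userRoles.get(u)))); @*/

    public void addRole(String role, Set<String> perms) { rolePerms.put(role, new HashSet<>(perms)); }
    public void addSsd(String a, String b) {
        ssd.computeIfAbsent(a, k -> new HashSet<>()).add(b);
        ssd.computeIfAbsent(b, k -> new HashSet<>()).add(a);
    }

    /*@ public normal_behavior
      @   requires rolePerms.containsKey(role) && !conflicts(user, role);
      @   ensures userRoles.get(user).contains(role);
      @ also public exceptional_behavior
      @   requires !rolePerms.containsKey(role) || conflicts(user, role);
      @   signals_only IllegalArgumentException; @*/
    public void assignRole(String user, String role) {
        if (!rolePerms.containsKey(role) || conflicts(user, role))
            throw new IllegalArgumentException("assignment would violate an RBAC constraint");
        userRoles.computeIfAbsent(user, k -> new HashSet<>()).add(role);
    }
    /** True if the user already holds a role that is in SSD with the given role. */
    public /*@ pure @*/ boolean conflicts(String user, String role) {
        Set<String> held = userRoles.getOrDefault(user, Collections.emptySet());
        return !Collections.disjoint(held, ssd.getOrDefault(role, Collections.emptySet()));
    }

    /** Access decision: granted iff some role held by the user carries the permission. */
    /*@ ensures \result == (\exists String r; userRoles.containsKey(user) && userRoles.get(user).contains(r);
      @     rolePerms.get(r).contains(perm)); @*/
    public /*@ pure @*/ boolean checkAccess(String user, String perm) {
        for (String r : userRoles.getOrDefault(user, Collections.emptySet()))
            if (rolePerms.get(r).contains(perm)) return true;
        return false;
    }
}
```

Quantifiers over an unbounded type such as String cannot be enumerated by JML's runtime assertion checker, so invariants written this way are aimed at static checking; for runtime checks they would be rewritten to iterate over userRoles.keySet().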
