|
| This Article | ||
| ||
| Share | ||
| Bibliographic References | ||
| Add to: | ||
 Digg  Furl  Spurl  Blink  Simpy  Google  Del.icio.us  Y!MyWeb | ||
| Search | ||
| ||
2011 Sixth International Conference on Availability, Reliability and Security
Evaluating RBAC Supported Techniques and their Validation and Verification
Vienna, Austria
August 22-August 26
ISBN: 978-0-7695-4485-4
| ASCII Text | x | ||
| Nafees Qamar, Yves Ledru, Akram Idani, "Evaluating RBAC Supported Techniques and their Validation and Verification," 2012 Seventh International Conference on Availability, Reliability and Security, pp. 734-739, 2011 Sixth International Conference on Availability, Reliability and Security, 2011. | |||
| BibTex | x | ||
| @article{ 10.1109/ARES.2011.112, author = {Nafees Qamar and Yves Ledru and Akram Idani}, title = {Evaluating RBAC Supported Techniques and their Validation and Verification}, journal ={2012 Seventh International Conference on Availability, Reliability and Security}, volume = {0}, year = {2011}, isbn = {978-0-7695-4485-4}, pages = {734-739}, doi = {http://doi.ieeecomputersociety.org/10.1109/ARES.2011.112}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, } | |||
| RefWorks Procite/RefMan/Endnote | x | ||
| TY - CONF JO - 2012 Seventh International Conference on Availability, Reliability and Security TI - Evaluating RBAC Supported Techniques and their Validation and Verification SN - 978-0-7695-4485-4 SP734 EP739 A1 - Nafees Qamar, A1 - Yves Ledru, A1 - Akram Idani, PY - 2011 KW - RBAC KW - formal and semi-formal techniques KW - verification and validation KW - survey and analysis VL - 0 JA - 2012 Seventh International Conference on Availability, Reliability and Security ER - | |||
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ARES.2011.112
This paper evaluates the security specification techniques that employ Role Based Access Control (RBAC) variants. RBAC offers a special kind of access control mechanism based on the use of roles to grant permissions. Its variants include role hierarchy and separation of duty (SoD) constraints. The overall management of a RBAC supported system is made through its administrative, review and supporting system functions. In this paper, a summary of semi-formal and formal techniques employing RBAC is provided along with their benefits and limitations. Here, semi-formal techniques refer to UML+OCL while formal ones are based on Alloy. This paper may guide through the process of selecting an appropriate technique to specify security rules. This is done by analyzing the degree of coverage of RBAC including some extensions like SoD and role hierarchy. We also investigate the use of validation and verification tools in these techniques. We find that formal techniques are more amenable to automated analysis as compared to semi-formal ones. Semi-formal techniques are rich in specifying RBAC variants but have prototypic tools. Session based dynamic aspects of RBAC have been partly covered in both techniques.
Index Terms:
RBAC, formal and semi-formal techniques, verification and validation, survey and analysis
Citation:
Nafees Qamar, Yves Ledru, Akram Idani, "Evaluating RBAC Supported Techniques and their Validation and Verification," ares, pp.734-739, 2011 Sixth International Conference on Availability, Reliability and Security, 2011
Usage of this product signifies your acceptance of the Terms of Use.