A role-based access control policy verification framework for real-time systems

10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems Pub Date : 2005-02-02 DOI:10.1109/WORDS.2005.11
Basit Shafiq, A. Masood, J. Joshi, A. Ghafoor
{"title":"A role-based access control policy verification framework for real-time systems","authors":"Basit Shafiq, A. Masood, J. Joshi, A. Ghafoor","doi":"10.1109/WORDS.2005.11","DOIUrl":null,"url":null,"abstract":"This paper presents a framework for verifying the access control requirements of real-time application systems such as workflow management systems and active databases. The temporal and event-based semantics of these applications can be expressed using event-driven role based access control (RBAC) model. Any comprehensive access control model such as RBAC requires verification and validation mechanisms to ensure the consistency of access control specification. An inconsistent access control specification exposes the underlying system to numerous vulnerabilities and security risks. In this paper, we propose a Petri-net based framework for verifying the correctness of event-driven RBAC policies.","PeriodicalId":335355,"journal":{"name":"10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems","volume":"22 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-02-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"57","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WORDS.2005.11","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 57

Abstract

This paper presents a framework for verifying the access control requirements of real-time application systems such as workflow management systems and active databases. The temporal and event-based semantics of these applications can be expressed using event-driven role based access control (RBAC) model. Any comprehensive access control model such as RBAC requires verification and validation mechanisms to ensure the consistency of access control specification. An inconsistent access control specification exposes the underlying system to numerous vulnerabilities and security risks. In this paper, we propose a Petri-net based framework for verifying the correctness of event-driven RBAC policies.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
基于角色的实时系统访问控制策略验证框架
本文提出了一个验证工作流管理系统和活动数据库等实时应用系统访问控制需求的框架。这些应用程序的时态和基于事件的语义可以使用事件驱动的基于角色的访问控制(RBAC)模型来表示。任何全面的访问控制模型(如RBAC)都需要验证和确认机制来确保访问控制规范的一致性。不一致的访问控制规范将底层系统暴露在大量漏洞和安全风险之下。在本文中,我们提出了一个基于Petri-net的框架来验证事件驱动的RBAC策略的正确性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems
10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems
自引率
0.00%
发文量
0
期刊最新文献
JavaMaC and runtime monitoring for geoinformatics grid services Towards self-healing systems via dependable architecture and reflective middleware Dynamic reconfiguration of component-based real-time software Object-based commutativity analysis for real-time applications Specification, analysis and implementation of architectural patterns for dependable software systems
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1