Towards realizing a formal RBAC model in real systems

Gail Joon Ahn, Hongxin Hu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

31 Scopus citations

Abstract

There still exists an open question on how formal models can be fully realized in the system development phase. The Model Driven Development (MDD) approach has been recently introduced to deal with such a critical issue for building high assurance software systems. There still exists an open question on how formal models can be fully realized in the system development phase. The Model Driven Development (MDD) approach has been recently introduced to deal with such a critical issue for building high assurance software systems. The MDD approach focuses on the transformation of high-level design models to system implementation modules. However, this emerging development approach lacks an adequate procedure to address security issues derived from formal security models. In this paper, we propose an empirical framework to integrate security model representation, security policy specification, and systematic validation of security model and policy, which would be eventually used for accommodating security concerns during the system development. We also describe how our framework can minimize the gap between security models and the development of secure systems. In addition, we overview a proof-of-concept prototype of our tool that facilitates existing software engineering mechanisms to achieve the above-mentioned features of our framework.

Original languageEnglish (US)
Title of host publicationSACMAT'07
Subtitle of host publicationProceedings of the 12th ACM Symposium on Access Control Models and Technologies
Pages215-224
Number of pages10
DOIs
StatePublished - 2007
Externally publishedYes
EventSACMAT'07: 12th ACM Symposium on Access Control Models and Technologies - Sophia Antipolis, France
Duration: Jun 20 2007Jun 22 2007

Publication series

NameProceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Other

OtherSACMAT'07: 12th ACM Symposium on Access Control Models and Technologies
Country/TerritoryFrance
CitySophia Antipolis
Period6/20/076/22/07

Keywords

  • Access control
  • Code generation
  • Model validation
  • Policy specification

ASJC Scopus subject areas

  • General Computer Science

Fingerprint

Dive into the research topics of 'Towards realizing a formal RBAC model in real systems'. Together they form a unique fingerprint.

Cite this