An Incremental B-Model for RBAC-Controlled Electronic Marking System

An Incremental B-Model for RBAC-Controlled Electronic Marking System

Nasser Al-hadhrami (Ministry of Education, Nizwa, Oman), Benjamin Aziz (School of Computing, University of Portsmouth, Portsmouth, UK) and Lotfi ben Othmane (Fraunhofer Institute for Secure Information Technology, Darmstadt, Germany)
Copyright: © 2016 |Pages: 28
DOI: 10.4018/IJSSE.2016040103


The incremental development of software through the addition of new features and the insertion of new access rules potentially renders the access control models inconsistent and creates security flaws. This paper proposes modeling Role Based Access Control (RBAC) models of these software using the B language and re-evaluating the consistency of the models following model changes. It shows the mechanism of formalizing RBAC policies of an Electronic Marking System (EMS) using B specifications and illustrates the verification of the consistency of the RBAC specification, using model checking and proof obligations. In addition, it shows how to address inconsistencies that result from incremental specification of system' architectures.
Article Preview

2. Role Based Access Control

RBAC is an efficient and safe role-based access control model (Ahn & Hu, 2007). Began in 1970s with multi-user and multi-application, and has rapidly evolved in the last three decades as a technology for applying a high level security in large-scale systems. The pivotal idea behind RBAC model is that permissions are associated with roles, and users are administratively assigned to proper roles. This mechanism ensures that only authorized users can perform some functions on some data/resources (Ferraiolo & Kuhn, 2009). Figure 1 shows that users are not directly mapped into permissions of accessing some resources, but to specific roles which have to be previously assigned to those permissions.

Figure 1.

The concept of RBAC security policy

Complete Article List

Search this Journal:
Open Access Articles: Forthcoming
Volume 8: 4 Issues (2017)
Volume 7: 4 Issues (2016)
Volume 6: 4 Issues (2015)
Volume 5: 4 Issues (2014)
Volume 4: 4 Issues (2013)
Volume 3: 4 Issues (2012)
Volume 2: 4 Issues (2011)
Volume 1: 4 Issues (2010)
View Complete Journal Contents Listing