Validation of IS Security Policies featuring Authorisation Constraints
| Autor: | Nafees Qamar, Régine Laleau, Jérémy Milhau, Jean-Luc Richier, Mohamed Amine Labiadh, Yves Ledru, Akram Idani |
|---|---|
| Přispěvatelé: | Validation de Systèmes, Composants et Objets logiciels (VASCO), Laboratoire d'Informatique de Grenoble (LIG), Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Institut National Polytechnique de Grenoble (INPG)-Centre National de la Recherche Scientifique (CNRS)-Université Pierre Mendès France - Grenoble 2 (UPMF)-Université Joseph Fourier - Grenoble 1 (UJF)-Institut polytechnique de Grenoble - Grenoble Institute of Technology (Grenoble INP )-Institut National Polytechnique de Grenoble (INPG)-Centre National de la Recherche Scientifique (CNRS)-Université Pierre Mendès France - Grenoble 2 (UPMF)-Université Joseph Fourier - Grenoble 1 (UJF) |
| Jazyk: | angličtina |
| Rok vydání: | 2015 |
| Předmět: |
business.industry
Computer science [SCCO.COMP]Cognitive science/Computer science Computer security model Security policy Security testing Security information and event management Security engineering Information security standards Software security assurance Management of Technology and Innovation Role-based access control Software engineering business Information Systems |
| Zdroj: | International Journal of Information System Modeling and Design International Journal of Information System Modeling and Design, IGI Global, 2015, 6 (1), pp.24-46 |
| ISSN: | 1947-8186 1947-8194 |
| Popis: | Designing a security policy for an information system (IS) is a non-trivial task. Variants of the RBAC model can be used to express such policies as access-control rules associated to constraints. In this paper, we advocate that currently available tools do not take sufficiently into account the functional description of the application and its impact on authorisation constraints and dynamic aspects of security. The authors suggest translating both security and functional models into a formal language, such as B, whose analysis and animation tools will help validate a larger set of security scenarios. The authors describe how various kinds of constraints can be expressed and animated in this context. The authors also present a tool support which performs this translation and report on a case study where animation and testing techniques were used to validate the security policy of a medical emergency information system. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|