Towards Integrated Modelling of Dynamic Access Control with UML and Event-B

Inna Vistbakka
(Åbo Akademi)
Elena Troubitsyna
(Åbo Akademi)

Role-Based Access Control (RBAC) is a popular authorization model used to manage data-access constraints in a wide range of systems. RBAC usually defines the static view on the access rights. However, to ensure dependability of a system, it is often necessary to model and verify state-dependent access rights. Such a modelling allows us to explicitly define the dependencies between the system states and permissions to access and modify certain data. In this paper, we present a work-in-progress on combining graphical and formal modelling to specify and verify dynamic access control. The approach is illustrated by a case study – a reporting management system.

In Régine Laleau, Dominique Méry, Shin Nakajima and Elena Troubitsyna: Proceedings Joint Workshop on Handling IMPlicit and EXplicit knowledge in formal system development (IMPEX) and Formal and Model-Driven Techniques for Developing Trustworthy Systems (FM&MDD) (IMPEX 2017 and FM&MDD 2017), Xi'An, China, 16th November 2017, Electronic Proceedings in Theoretical Computer Science 271, pp. 105–116.
Published: 12th May 2018.

ArXived at: http://dx.doi.org/10.4204/EPTCS.271.8 bibtex PDF
References in reconstructed bibtex, XML and HTML format (approximated).
Comments and questions to: eptcs@eptcs.org
For website issues: webmaster@eptcs.org