Advertisement

Towards Creating a DSL Facilitating Modelling of Dynamic Access Control in Event-B

  • Inna VistbakkaEmail author
  • Mikhail Barash
  • Elena Troubitsyna
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10817)

Abstract

Role-Based Access Control (RBAC) is a popular authorization model used to manage resource-access constraints in a wide range of systems. The standard RBAC framework adopts a static, state-independent approach to define the access rights to the system resources. It is often insufficient for correct implementation of the desired functionality and should be augmented with the dynamic, i.e., a state-dependant view on the access control. In this paper, we present a work in progress on creating a domain-specific language and the tool support for modelling and verification of dynamic RBAC. They support a tabular representation of the static RBAC constraints together with the graphical model of the scenarios and enable an automated translation of them into an Event-B model.

Keywords

Access control DSL JetBrains MPS Event-B Verification 

References

  1. 1.
    Abrial, J.R.: Modeling in Event-B. Cambridge University Press, Cambridge (2010)CrossRefGoogle Scholar
  2. 2.
    Ferraiolo, D.F., Sandhu, R.S., Gavrila, S.I., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. 4(3), 224–274 (2001)CrossRefGoogle Scholar
  3. 3.
    Iliasov, A., Troubitsyna, E., Laibinis, L., Romanovsky, A., Varpaaniemi, K., Ilic, D., Latvala, T.: Developing mode-rich satellite software by refinement in event-B. Sci. Comput. Program. 78(7), 884–905 (2013)CrossRefGoogle Scholar
  4. 4.
    Iliasov, A., Troubitsyna, E., Laibinis, L., Romanovsky, A.: Patterns for refinement automation. In: de Boer, F.S., Bonsangue, M.M., Hallerstede, S., Leuschel, M. (eds.) FMCO 2009. LNCS, vol. 6286, pp. 70–88. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-17071-3_4CrossRefzbMATHGoogle Scholar
  5. 5.
    Kuhlmann, M., Sohr, K., Gogolla, M.: Employing UML and OCL for designing and analysing role-based access control. Math. Struct. Comput. Sci. 23(4), 796–833 (2013)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Leuschel, M., Butler, M.: ProB: an automated analysis toolset for the B method. Int. J. Softw. Tools Technol. Transf. 10(2), 185–203 (2008)CrossRefGoogle Scholar
  7. 7.
    Lopatkin, I., Iliasov, A., Romanovsky, A., Prokhorova, Y., Troubitsyna, E.: Patterns for representing FMEA in formal specification of control systems. In: HASE 2011, pp. 146–151. IEEE Computer Society (2011)Google Scholar
  8. 8.
    Milhau, J., Idani, A., Laleau, R., Labiadh, M., Ledru, Y., Frappier, M.: Combining UML, ASTD and B for the formal specification of an access control filter. ISSE 7(4), 303–313 (2011)Google Scholar
  9. 9.
    Rodin: Event-B platform. http://www.event-b.org/
  10. 10.
    Tikhonova, U., Manders, M., Boudewijns, R.: Visualization of formal specifications for understanding and debugging an industrial DSL. In: Milazzo, P., Varró, D., Wimmer, M. (eds.) STAF 2016. LNCS, vol. 9946, pp. 179–195. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-50230-4_13CrossRefGoogle Scholar
  11. 11.
    Voelter, M.: DSL Engineering (2013). dslbook.org

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Inna Vistbakka
    • 1
    Email author
  • Mikhail Barash
    • 1
  • Elena Troubitsyna
    • 1
    • 2
  1. 1.Åbo Akademi UniversityTurkuFinland
  2. 2.KTHStockholmSweden

Personalised recommendations