Formalising and Validating RBAC-to-XACML Translation Using Lightweight Formal Methods

  • Mark Slaymaker
  • David Power
  • Andrew Simpson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5977)


The topic of access control has received a new lease of life in recent years as the need for assurance that the correct access control policy is in place is seen by many as crucial to providing assurance to individuals that their data is being treated appropriately. This trend is likely to continue with the increase in popularity of social networking sites and shifts to ‘cloud’-like commercial services: in both contexts, a clear statement of “who can do what” to one’s data is key in engendering trust. While approaches such as role-based access control (RBAC) provide a degree of abstraction, therefore increasing manageability and accessibility, policy languages such as the XML-based XACML provide greater degrees of expressibility—and, as a result, increased complexity. In this paper we explore how the mutual benefits of both RBAC and XACML, and Alloy and Z, may be used to best effect. RBAC is used as an accessible conceptual model; XACML is used as a language of implementation. Our concern is to facilitate the construction and reuse of role-based policies, which may subsequently be deployed in terms of XACML. We wish to provide assurance that these representations and transformations are, in some sense, correct. To this end, we consider formal models of both RBAC and XACML in terms of Z. We also describe how we have taken initial steps in utilising the Alloy Analyzer tool to provide a level of assurance that the two representations are consistent.


Access Control Policy Language Policy Decision Point Access Control System Policy Enforcement Point 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abou El Kalam, A., El Baida, R., Balbiani, P., Benferhat, S., Cuppens, F., Deswarte, Y., Miège, A., Saurel, C., Trouessin, G.: Organization Based Access Control. In: 4th IEEE International Workshop on Policies for Distributed Systems and Networks (Policy 2003) (June 2003)Google Scholar
  2. 2.
    Bryans, J., Fitzgerald, J.S.: Formal Engineering of XACML Access Control Policies in VDM++. In: Butler, M., Hinchey, M.G., Larrondo-Petrie, M.M. (eds.) ICFEM 2007. LNCS, vol. 4789, pp. 37–56. Springer, Heidelberg (2007), CrossRefGoogle Scholar
  3. 3.
    Ferraiolo, D.F., Kuhn, D.R.: Role-based access control. In: Proceedings of the 15th National Computer Security Conference (1992)Google Scholar
  4. 4.
    Ferraiolo, D.F., Kuhn, D.R., Chandramouli, R.: Role-based access control. Artech House Publishers, Boston (2003)zbMATHGoogle Scholar
  5. 5.
    Fisler, K., Krishnamurthi, S., Meyerovich, L., Tshantz, M.C.: Verification and change-impact analysis of access-control policies. In: Proceedings of ICSE 2005 (2005)Google Scholar
  6. 6.
    Hu, V.C., Martin, E., Hwang, J., Xie, T.: Conformance checking of access control policies specified in XACML. In: Proceedings of the 1st IEEE International Workshop on Security in Software Engineering (IWSSE 2007), Beijing, China, July 2007, pp. 275–280 (2007)Google Scholar
  7. 7.
    Hughes, G., Bultan, T.: Automated verification of XACML policies using a SAT solver. In: Proceedings of the Workshop on Web Quality, Verification and Validation, WQVV 2007 (2007)Google Scholar
  8. 8.
    Jackson, D.: Software Abstractions: Logic, Language, and Analysis. MIT Press, Cambridge (2006)Google Scholar
  9. 9.
    Kondo, S., Iwaihara, M., Yoshikawa, M., Torato, M.: Extending RBAC for large enterprises and its quantitative risk evaluation. In: The 8th IFIP conference on e-Business, e-Services, and e-Society, pp. 99–112 (2008)Google Scholar
  10. 10.
    Power, D.J., Slaymaker, M.A., Simpson, A.C.: On formalising and normalising role-based access control systems. The Computer Journal 52(3), 303–325 (2009)CrossRefGoogle Scholar
  11. 11.
    Simpson, A.C., Power, D.J., Russell, D., Slaymaker, M.A., Kouadri-Mostefaoui, G., Ma, X., Wilson, G.: A healthcare-driven framework for facilitating the secure sharing of data across organisational boundaries. Studies in Health Technology and Informatics 138, 3–12 (2008)Google Scholar
  12. 12.
    Spivey, J.M.: The Z Notation: A Reference Manual, 2nd edn. Prentice-Hall International, Englewood Cliffs (1992)Google Scholar
  13. 13.
    Spivey, J.M.: The Fuzz Manual, 2nd edn. (2000)Google Scholar
  14. 14.
    Stepney, S., Lord, S.P.: Formal specification of an access control system. Software—Practice and Experience 17(9), 575–593 (1987)CrossRefGoogle Scholar
  15. 15.
    Swift, M.M., Brundrett, P., Van Dyke, C., Garg, P., Hopkins, A., Chan, S., Goertzel, M., Jensenworth, G.: Improving the granularity of access control in windows NT. In: Proceedings of the Sixth ACM symposium on Access control models and technologies (SACMAT 2001), pp. 87–96 (2001)Google Scholar
  16. 16.
    Zhang, N., Ryan, M., Guelev, D.P.: Synthesising verified access control systems in XACML. In: FMSE 2004: Proceedings of the 2004 ACM workshop on Formal methods in security engineering, pp. 56–65. ACM Press, New York (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Mark Slaymaker
    • 1
  • David Power
    • 1
  • Andrew Simpson
    • 1
  1. 1.Oxford University Computing LaboratoryOxfordUK

Personalised recommendations