Skip to main content
SpringerLink
Log in

Validating the RBAC ANSI 2012 Standard Using B

  • Conference paper
Book cover Abstract State Machines, Alloy, B, TLA, VDM, and Z (ABZ 2014)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 8477))

Abstract

We validate the RBAC ANSI 2012 standard using the B method. Numerous problems are identified: logical errors, inconsistencies, ambiguities, typing errors, missing preconditions, invariant violation, inappropriate specification notation. A clean version of the standard written in the B notation is proposed. We argue that the ad hoc mathematical notation used in the standard is inappropriate and we propose that a more methodological and tool-supported approach must definitely be used for writing standards, in order to avoid the issues identified in the paper. Human reviewing is insufficient to produce error-free international standards.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. ANSI. Role Based Access Control, INCITS 359-2004 (2004)

    Google Scholar 

  2. ANSI. Role Based Access Control, INCITS 359-2012 (2012)

    Google Scholar 

  3. Huynh, N., et al.: B Specification of the RBAC 2012 Standard (2014), http://info.usherbrooke.ca/mfrappier/RBAC-in-B

  4. Ferraiolo, D., Kuhn, R., Sandhu, R.: RBAC Standard Rationale: Comments on “A Critique of the ANSI Standard on Role-Based Access Control”. IEEE Security Privacy 5(6), 51–53 (2007)

    Article  Google Scholar 

  5. Kozen, D.: A completeness theorem for Kleene algebras and the algebra of regular events. Information and Computation 110, 366–390 (1994)

    Article  MATH  MathSciNet  Google Scholar 

  6. Li, N., Byun, J.W., Bertino, E.: A critique of the ANSI Standard on Role-Based Access Control. Technical Report TR 2005-29, Purdue University (2005)

    Google Scholar 

  7. Li, N., Byun, J.W., Bertino, E.: A Critique of the ANSI Standard on Role-Based Access Control. IEEE Security Privacy 5(6), 41–49 (2007)

    Article  Google Scholar 

  8. O’ Connor, A.C., Loomis, R.J.: Economic Analysis of Role-Based Access Control. RTI International (2010)

    Google Scholar 

  9. Power, D., Slaymaker, M., Simpson, A.: On Formalizing and Normalizing Role-Based Access Control Systems. The Computer Journal 52(3), 305–325 (2009)

    Article  Google Scholar 

  10. Rissanen, E.: eXtensible Access Control Markup Language (XACML) Version 3.0. OASIS (2010)

    Google Scholar 

  11. Sandhu, R., Ferraiolo, D., Kuhn, R.: The NIST model for role-based access control: Towards a unified standard. In: 5th ACM Workshop on Role-based Access Control, RBAC 2000, pp. 47–63. ACM (2000)

    Google Scholar 

  12. Schmidt, G., Ströhlein, T.: Relations and Graphs: Discrete Mathematics for Computer Scientists. EATCS Monographs on Theoretical Computer Science. Springer (1993)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Université de Sherbrooke, Québec, Canada

    Nghi Huynh & Marc Frappier

  2. Université Paris-Est Créteil Val de Marne, France

    Nghi Huynh & Régine Laleau

  3. Institut Mines-Télécom, Télécom SudParis, France

    Amel Mammar

  4. Université Laval, Québec, Canada

    Jules Desharnais

Authors
  1. Nghi Huynh
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Marc Frappier
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Amel Mammar
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Régine Laleau
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Jules Desharnais
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. INP-ENSEEIHT/IRIT, 2 Rue Charles Camichel, BP 7122, 31071, Toulouse Cedex 7, France

    Yamine Ait Ameur

  2. Software Competence Center Hagenberg, Softwarepark 21, 4232, Hagenberg, Austria

    Klaus-Dieter Schewe

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Huynh, N., Frappier, M., Mammar, A., Laleau, R., Desharnais, J. (2014). Validating the RBAC ANSI 2012 Standard Using B. In: Ait Ameur, Y., Schewe, KD. (eds) Abstract State Machines, Alloy, B, TLA, VDM, and Z. ABZ 2014. Lecture Notes in Computer Science, vol 8477. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-43652-3_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-662-43652-3_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-43651-6

  • Online ISBN: 978-3-662-43652-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation