Abstract
The use of Z in software development has focused on specifying the functionality of a system. However, when developing a secure system, it is important to address fundamental security aspects such as authentication, authorization, and auditing. In this paper, we show an approach for building systems from generic and modular security components using the promotion technique in Z. The approach weaves each security component into the functionality of a system by promotion. For each component, Z notation is used to construct its state-based model and the relevant operations. Once a component is introduced, its local operations are promoted to work on the global state. We illustrate this approach on the development of a "secure" model for a conference management system. With this approach, it is possible to specify the core functionality of a system independently of the security mechanisms: authentication and authorization are viewed as components which are carefully integrated with the functional system.
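As an added illustration of the promotion technique the abstract describes (not the paper's own model), the following horizontal Z schemas show a local authentication component, the framing schema that promotes its operation onto a global state, and an authorization guard conjoined with a functional operation. The given sets USER, PASSWORD and PAPER and every schema name are assumed for this sketch.

```latex
\begin{align*}
&[\mathit{USER}, \mathit{PASSWORD}, \mathit{PAPER}] \\
&\mathit{STATUS} ::= \mathit{loggedIn} \mid \mathit{loggedOut} \\[4pt]
% local authentication component: its own state and its own operation
&\mathit{Credential} \mathrel{\hat=} [\,pw : \mathit{PASSWORD};\ st : \mathit{STATUS}\,] \\
&\mathit{Login} \mathrel{\hat=} [\,\Delta\mathit{Credential};\ p? : \mathit{PASSWORD} \mid
   p? = pw \wedge pw' = pw \wedge st' = \mathit{loggedIn}\,] \\[4pt]
% global state: an indexed family of local states next to the functional data
&\mathit{System} \mathrel{\hat=} [\,users : \mathit{USER} \rightharpoonup \mathit{Credential};\
   papers : \mathbb{P}\,\mathit{PAPER}\,] \\
% framing schema: select one local state and write its after-state back
&\mathit{Promote} \mathrel{\hat=} [\,\Delta\mathit{System};\ \Delta\mathit{Credential};\ u? : \mathit{USER} \mid \\
&\qquad u? \in \mathrm{dom}\,users \wedge \theta\mathit{Credential} = users\,u? \wedge \\
&\qquad users' = users \oplus \{u? \mapsto \theta\mathit{Credential}'\} \wedge papers' = papers\,] \\
% promoted operation: the local state is hidden by existential quantification
&\mathit{LoginSystem} \mathrel{\hat=} \exists\,\Delta\mathit{Credential} \bullet \mathit{Login} \wedge \mathit{Promote} \\[4pt]
% authorization guard on the before-state only, so it composes with any functional operation
&\mathit{Authorised} \mathrel{\hat=} [\,\mathit{System};\ u? : \mathit{USER} \mid
   u? \in \mathrm{dom}\,users \wedge (users\,u?).st = \mathit{loggedIn}\,] \\
&\mathit{SubmitPaper} \mathrel{\hat=} [\,\Delta\mathit{System};\ x? : \mathit{PAPER} \mid
   papers' = papers \cup \{x?\} \wedge users' = users\,] \\
&\mathit{SecureSubmit} \mathrel{\hat=} \mathit{Authorised} \wedge \mathit{SubmitPaper}
\end{align*}
```

The guard deliberately constrains only the before-state (no Ξ), otherwise conjoining it with SubmitPaper would force papers' = papers and make the secured operation unsatisfiable.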
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
Cite this paper
Haidar, A.N., Abdallah, A.E. (2008). Weaving Authentication and Authorization Requirements into the Functional Model of a System Using Z Promotion. In: Margaria, T., Steffen, B. (eds) Leveraging Applications of Formal Methods, Verification and Validation. ISoLA 2008. Communications in Computer and Information Science, vol 17. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88479-8_59
DOI: https://doi.org/10.1007/978-3-540-88479-8_59
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-88478-1
Online ISBN: 978-3-540-88479-8