Validation of Security-Design Models Using Z

  • Nafees Qamar
  • Yves Ledru
  • Akram Idani
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6991)


This paper is aimed at formally specifying and validating security-design models of an information system. It combines graphical languages and formal methods, integrating specification languages such as UML and its extension SecureUML with the Z language. The modeled system addresses both the functional and the security requirements of a given application. The formal functional specification is built automatically from the UML diagram using our RoZ tool. The secure part of the model instantiates a generic security kernel written in Z, free from application-specific details, which models the concepts of RBAC (Role-Based Access Control). The final modeling step creates a link between the functional model and the instantiated security kernel. Validation is performed by animating the model with the Jaza tool. Our approach is demonstrated on a case study from the health care sector, where confidentiality and integrity appear as core challenges in protecting medical records.
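The abstract describes three layers: an application-specific functional model, a generic RBAC kernel that knows nothing about the application, and a linking layer that guards every functional operation with the kernel, after which the whole model is validated by animating scenarios. The following Python sketch is an added illustration of that structure and is not the paper's Z model, nor its RoZ or Jaza tooling; the medical-records operations, the roles (doctor, nurse, clerk), the users and the scenario are all constructed for this example.

```python
from dataclasses import dataclass, field


@dataclass
class MedicalRecords:
    """Functional model (constructed): patient id -> record text, no security at all."""
    records: dict = field(default_factory=dict)

    def create_record(self, patient: str) -> str:
        self.records.setdefault(patient, "")
        return patient

    def read_record(self, patient: str) -> str:
        return self.records[patient]

    def update_record(self, patient: str, note: str) -> str:
        self.records[patient] = note
        return note


class RbacKernel:
    """Generic RBAC kernel: user/role assignment (UA), role/permission assignment (PA)
    and sessions. Application-independent: operations are just names."""

    def __init__(self) -> None:
        self.user_roles: dict[str, set[str]] = {}
        self.role_perms: dict[str, set[str]] = {}
        self.sessions: dict[str, tuple[str, set[str]]] = {}

    def assign_role(self, user: str, role: str) -> None:
        self.user_roles.setdefault(user, set()).add(role)

    def grant(self, role: str, operation: str) -> None:
        self.role_perms.setdefault(role, set()).add(operation)

    def open_session(self, session: str, user: str, roles: set[str]) -> None:
        # Kernel invariant: a session may only activate roles assigned to its user.
        if not roles <= self.user_roles.get(user, set()):
            raise ValueError(f"{user} is not assigned all of {sorted(roles)}")
        self.sessions[session] = (user, set(roles))

    def permitted(self, session: str, operation: str) -> bool:
        _user, active = self.sessions[session]
        return any(operation in self.role_perms.get(r, set()) for r in active)


class SecuredRecords:
    """The link between the two models: every functional operation is guarded."""

    def __init__(self, kernel: RbacKernel, model: MedicalRecords) -> None:
        self.kernel, self.model = kernel, model

    def invoke(self, session: str, operation: str, *args):
        if not self.kernel.permitted(session, operation):
            raise PermissionError(f"{session}: {operation} denied")
        return getattr(self.model, operation)(*args)


def animate(secured: SecuredRecords, scenario) -> list:
    """Animate the model: run each step and record 'ok' or 'denied' instead of crashing."""
    trace = []
    for session, operation, args in scenario:
        try:
            secured.invoke(session, operation, *args)
            trace.append((session, operation, "ok"))
        except PermissionError:
            trace.append((session, operation, "denied"))
    return trace


def build_secured_system() -> SecuredRecords:
    """Instantiate the generic kernel with a constructed medical-records policy."""
    kernel = RbacKernel()
    for op in ("create_record", "read_record", "update_record"):
        kernel.grant("doctor", op)           # doctors may do everything
    kernel.grant("nurse", "read_record")     # nurses only read
    kernel.grant("clerk", "create_record")   # clerks open files but never see content
    kernel.assign_role("alice", "doctor")
    kernel.assign_role("bob", "nurse")
    kernel.assign_role("carol", "clerk")
    kernel.open_session("s_alice", "alice", {"doctor"})
    kernel.open_session("s_bob", "bob", {"nurse"})
    kernel.open_session("s_carol", "carol", {"clerk"})
    return SecuredRecords(kernel, MedicalRecords())


# Constructed scenario: (session, operation, arguments)
SCENARIO = [
    ("s_carol", "create_record", ("p1",)),
    ("s_alice", "update_record", ("p1", "diagnosis: flu")),
    ("s_bob", "read_record", ("p1",)),
    ("s_carol", "read_record", ("p1",)),             # confidentiality: must be denied
    ("s_bob", "update_record", ("p1", "tampered")),  # integrity: must be denied
]


def run_scenario():
    """Returns the animation trace and the final state of the functional model."""
    secured = build_secured_system()
    trace = animate(secured, SCENARIO)
    return trace, secured.model.records


if __name__ == "__main__":
    for step in run_scenario()[0]:
        print(*step)
```

The point of the animation is the trace, not the final state alone: each denied step is evidence that the linked model enforces the policy the analyst intended, and an unexpected `ok` on a step such as the nurse's write would be the validation failure the paper's approach is designed to surface before implementation.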


Access Control; Security Policy; Functional Model; Security Model; Access Control Policy





Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Nafees Qamar (1, 2)
  • Yves Ledru (1)
  • Akram Idani (1)
  1. UJF-Grenoble 1/Grenoble-INP/UPMF-Grenoble2/CNRS, LIG UMR 5217, Grenoble, France
  2. INRIA Rhône-Alpes, Grenoble, France
