Towards Colored Petri Net Modeling of Expanded C-TMAC

Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 99)


Today advancements in information technology have led to multi-user information systems of high complexity, where users can group, collaborate and share resources. The variety of such systems include a wide range of applications such as collaborative document sharing and editing, social networks, work flow management systems, mobile location based applications etc. As those systems continue to evolve, additional requirements arise which need to be met, such as context inclusion in access control decision making and security policies that support grouping, collaboration and sharing. To address this need, we are working on expanding C-TMAC, a security model that intrinsically supports grouping, collaboration and context awareness. In this perspective, we utilize the mathematical modeling language of Colored Petri Nets, along with the CPNtools, in order to represent and analyze the basic components of C-TMAC model.


Security Access Control C-TMAC RBAC Colored Petri Nets CPNtools Formal Modeling and Analysis 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Georgiadis, C.K., Mavridis, I., Pangalos, G., Thomas, R.K.: Flexible Team-Based Access Control Using Contexts. In: Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies, Chantilly, Virginia, USA (2001)Google Scholar
  2. 2.
    Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. Computer 29(2), 38–47 (1996)CrossRefGoogle Scholar
  3. 3.
    Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. 4(3), 224–274 (2001)CrossRefGoogle Scholar
  4. 4.
    Thomas, R.K.: Team-Based Access Control (TMAC): A Primitive for Applying Role-Based Access Controls in Collaborative Environments. In: Proceedings of the Second ACM Workshop on Role-based Access Control, Fairfax, VAUSA, pp. 13–19 (1997)Google Scholar
  5. 5.
    Jensen, K.: Coloured Petri Nets. Basic Concepts, Analysis Methods and Practical Use. Three Volumes (1997)Google Scholar
  6. 6.
    Bertino, E., Bonatti, P.A., Ferrari, E.: TRBAC: A temporal role based access control model. ACM Transactions on Information and System Security 4(3), 191–223 (2001)CrossRefGoogle Scholar
  7. 7.
    Joshi, J.B.D., Bertino, E., Latif, U., Ghafoor, A.: A generalized temporal role based access control model. IEEE Transactions on Knowledge and Data Engineering 17(1), 4–23 (2005)CrossRefGoogle Scholar
  8. 8.
    Covington, M.J., Long, W., Srinivasan, S., Dey, A.K., Ahamad, M., Abowd, G.D.: Securing Context-Aware Applications Using Environment Roles. In: SACMAT 2001: Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies, pp. 10–20 (2001)Google Scholar
  9. 9.
    Neumann, G., Strembeck, M.: An Approach to Engineer and Enforce Context Constraints in an RBAC Environment. In: SACMAT 2003: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies, pp. 65–79 (2003)Google Scholar
  10. 10.
    Kulkarni, D., Tripathi, A.: Context-aware role-based access control in pervasive computing systems. In: SACMAT, pp. 113–122 (2008)Google Scholar
  11. 11.
    Liscano, R., Wang, K.: A SIP-based Architecture model for Contextual Coalition Access Control for Ubiquitous Computing. In: Proceedings of the Second Annual Conference on Mobile and Ubiquitous Systems (MobiQuitous 2005). IEEE Computer Society Press (2005)Google Scholar
  12. 12.
    Freudenthal, E., Pesin, T., Port, L., Keenan, E.: dRBAC: Distributed Role-based Access Control for Dynamic Coalition Environments. In: 22nd International Conference on Distributed Computing Systems (ICDCS 2002), pp. 411–420. IEEE ( (2002)Google Scholar
  13. 13.
    Alotaiby, F.T., Chen, J.X.: A Model for Team-based Access Control (TMAC 2004). In: Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC 2004), vol. 2, p. 450. IEEE Computer Society, Washington, DC (2004)Google Scholar
  14. 14.
    Tolone, W., Ahn, G., Pai, T., Hong, S.: Access control in collaborative systems. ACM Comput. Surv. 37(1), 29–41 (2005)CrossRefGoogle Scholar
  15. 15.
    Shafiq, B., Masood, A., Joshi, J., Ghafoor, A.: A role-based access control policy verification framework for real-time systems. In: WORDS 2005: Proceedings of the 10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems, pp. 13–20. IEEE Computer Society, Washington (2005)Google Scholar
  16. 16.
    Rakkay, H., Boucheneb, H.: Security Analysis of Role Based Access Control Models Using Colored Petri Nets and CPNtools. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds.) Transactions on Computational Science IV. LNCS, vol. 5430, pp. 149–176. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  17. 17.
    Kadloul, L., Djouani, K., Tfaili, W.: Using Timed Colored Petri Nets and CPN-tool to Model and Verify TRBAC Security Policies. In: Fourth International Workshop on Verification and Evaluation of Computer and Communication Systems, VECoS 2010 (2010)Google Scholar
  18. 18.
    Mondal, S., Sural, S., Atluri, V.: Towards formal security analysis of GTRBAC using timed automata. In: Proceedings of the 14th ACM Symposium on Access Control Models and Technologies (SACMAT 2009), pp. 33–42. ACM, NY (2009)CrossRefGoogle Scholar

Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2012

Authors and Affiliations

  1. 1.Department of Applied InformaticsUniversity of MacedoniaThessalonikiGreece

Personalised recommendations