Transformation of Spatio-Temporal Role Based Access Control Specification to Alloy

  • Emsaieb Geepalla
  • Behzad Bordbar
  • Joel Last
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7602)


The recent advances in wireless networks, mobile applications and pervasive computing has prompted an urgent need for the creation of Access Control systems which takes into consideration the location of the user and the time of access. Such systems are even more complex than the conventional Access Control systems. Thus, the need arises for the analysis of the specification of such systems prior to the implementing of the systems. As a result, this paper proposes to use Alloy as a method of automated analysis of Spatio-temporal Role-Based Access Control models (STRBAC). To achieve this, this paper describes a method (AC2Alloy) that allows users to create STRBAC models and transforms them into the required Alloy code automatic, thus allowing for powerful analysis to take place using Alloy analyser utilizing SAT-Solvers. With the help of an example, we show how AC2Alloy convert STRBAC model to Alloy model and verify the resulting model using the Alloy analyser to identify an erroneous design.


MDA Alloy Spatio-Temporal Access Control 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Chen, H.-C., Wang, S.-J., Wen, J.-H., Huang, Y.-F., Chen, C.-W.: A Generalized Temporal and Spatial Role-Based Access Control Model. JNW 5(8), 912–920 (2010)Google Scholar
  2. 2.
    Ray, I., Toahchoodee, M.: A Spatio-temporal Access Control Model Supporting Delegation for Pervasive Computing Applications. In: Furnell, S.M., Katsikas, S.K., Lioy, A. (eds.) TrustBus 2008. LNCS, vol. 5185, pp. 48–58. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  3. 3.
    Samuel, A., Ghafoor, A., Bertino, E.: A Framework for Specification and Verification of Generalized Spatio-Temporal Role Based Access Control Model. Technical report, Purdue University, CERIAS TR 2007-08 (February 2007)Google Scholar
  4. 4.
    Toahchoodee, M., Ray, I.: On the Formal Analysis of a Spatio-Temporal Role-Based Access Control Model. In: Proceedings of the 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security, pp. 17–32 (July 2008)Google Scholar
  5. 5.
    Daniel, J.: Software Abstractions Logic, Language, and Analysis. The MIT Press, Cambridge (2006)Google Scholar
  6. 6.
    Bertino, E., Catania, B., Damiani, M.L., Perlasca, P.: GEO-RBAC: a spatially aware RBAC. In: Proceedings of the 10th ACM Symposium on Access Control Models and Technologies, Stockholm, Sweden, pp. 29–37 (June 2005)Google Scholar
  7. 7.
    Chen, L., Crampton, J.: On Spatio-Temporal Constraints and Inheritance in Role-Based Access Control. In: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, Tokyo, Japan, pp. 205–216 (March 2008)Google Scholar
  8. 8.
    Zao, J., Wee, H., Chu, J., Jackson, D.: RBAC Schema Verification Using Lightweight Formal Model and Constraint Analysis (2002),
  9. 9.
    Joshi, J.B.D., Bertino, E., Latif, U., Ghafoor, A.: A Generalized Temporal Role-Based Access Control Model. IEEE Transactions on Knowledge and Data Engineering 17(1), 4–23 (2005)CrossRefGoogle Scholar
  10. 10.
    Ray, I., Toahchoodee, M.: A Spatio-temporal Role-Based Access Control Model. In: Proceedings of the 21st Annual IFIPWG11.3 Working Conference on Data and Applications Security, Redondo Beach, CA, pp. 211–226 (July 2007)Google Scholar
  11. 11.
    Jackson, D., Schechter, I., Shlyakhter, I.: Alcoa: the alloy constraint analyzer, In: International Conference on Software Engineering (ICSE 2000), pp. 730–733 (2000)Google Scholar
  12. 12.
    Bordbar, B., Anastasakis, K.: UML2Alloy: A tool for lightweight modelling of Discrete Event Systems. In: IADIS International Conference in Applied Computing 2005, Algarve, Portugal, pp. 209–216 (2005)Google Scholar
  13. 13.
    Mondal, S., Sural, S.: XML-based policy specification framework for spatiotemporal access control. In: SIN 2009, pp. 98–103 (2009)Google Scholar
  14. 14.
    Bhatti, R., Joshi, J., Bertino, E., Ghafoor, A.: Access Control in Dynamic XML-Based Web-Services with X-RBAC. In: Proceedings of ICWS 2003 (2003)Google Scholar
  15. 15.
    Ferraiolo, D.F., Richard Kuhn, D., Chandramouli, R.: Role Based Access Control, 2nd edn (2007)Google Scholar
  16. 16.
    Ray, I., Bordbar, B., Toahchoodee, M., Anastasakis, K., Georg, G.: Ensuring Spatio-Temporal Access Control for Real-World Applications, pp. 978–971. ACM, doi: 978-1-60558-537-6/09/06Google Scholar
  17. 17.
    Akehurst, D.H., Bordbar, B., Evans, M.J., Howells, W.G.J., McDonald-Maier, K.D.: SiTra: Simple Transformations in Java. In: Wang, J., Whittle, J., Harel, D., Reggio, G. (eds.) MoDELS 2006. LNCS, vol. 4199, pp. 351–364. Springer, Heidelberg (2006)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Emsaieb Geepalla
    • 1
  • Behzad Bordbar
    • 1
  • Joel Last
    • 1
  1. 1.School of Computer ScienceUniversity of BirminghamUK

Personalised recommendations