This paper describes the formalisation of SGAC access control policies using Z3 and then we compare the performance with ProB and Alloy. SGAC is an attribute-based, fine-grain access control model that uses acyclic subject and resource graphs to provide rule inheritance and streamline policy specification. To ensure patient privacy and safety, four types of properties are checked: accessibility, availability, contextuality and rule effectiveness. Automatic translation of SGAC policies into each specification language has been defined. ProB offers the best verification performances, by two orders of magnitude. The performances of Alloy and Z3 are similar.
If you cannot see the document below, the PDF document is most likely not freely accessible. In this case, please try to access the document via this link.
% BibTex
@inproceedings{OliveiraF20,
author = {Diego de Azevedo Oliveira and
Marc Frappier},
editor = {Alexander Raschke and
Dominique M{\'{e}}ry and
Frank Houdek},
title = {Verifying {SGAC} Access Control Policies: {A} Comparison of ProB,
Alloy and {Z3}},
booktitle = {Rigorous State-Based Methods - 7th International Conference, {ABZ}
2020, Ulm, Germany, May 27-29, 2020, Proceedings},
series = {Lecture Notes in Computer Science},
volume = {12071},
pages = {223--229},
publisher = {Springer},
year = {2020},
url = {https://doi.org/10.1007/978-3-030-48077-6\_15},
doi = {10.1007/978-3-030-48077-6\_15},
timestamp = {Mon, 25 May 2020 12:33:39 +0200},
biburl = {https://dblp.org/rec/conf/asm/OliveiraF20.bib},
bibsource = {dblp computer science bibliography, https://dblp.org}
}