Role-Based Access Control (RBAC) is a popular authorization model used to manage resource-access constraints in a wide range of systems. The standard RBAC framework adopts a static, state-independent approach to define the access rights to the system resources. It is often insufficient for correct implementation of the desired functionality and should be augmented with the dynamic, i.e., a state-dependant view on the access control. In this paper, we present a work in progress on creating a domain-specific language and the tool support for modelling and verification of dynamic RBAC. They support a tabular representation of the static RBAC constraints together with the graphical model of the scenarios and enable an automated translation of them into an Event-B model.
If you cannot see the document below, the PDF document is most likely not freely accessible. In this case, please try to access the document via this link.
% BibTex
@inproceedings{VistbakkaBT18,
author = {Inna Vistbakka and
Mikhail Barash and
Elena Troubitsyna},
editor = {Michael J. Butler and
Alexander Raschke and
Thai Son Hoang and
Klaus Reichl},
title = {Towards Creating a {DSL} Facilitating Modelling of Dynamic Access
Control in Event-B},
booktitle = {Abstract State Machines, Alloy, B, TLA, VDM, and {Z} - 6th International
Conference, {ABZ} 2018, Southampton, UK, June 5-8, 2018, Proceedings},
series = {Lecture Notes in Computer Science},
volume = {10817},
pages = {386--391},
publisher = {Springer},
year = {2018},
url = {https://doi.org/10.1007/978-3-319-91271-4\_28},
doi = {10.1007/978-3-319-91271-4\_28},
timestamp = {Tue, 14 May 2019 10:00:50 +0200},
biburl = {https://dblp.org/rec/conf/asm/VistbakkaBT18.bib},
bibsource = {dblp computer science bibliography, https://dblp.org}
}