Abstract
The modelling of access control (AC) policies aim to describe aspects of different security requirements at a higher level of abstraction. Once the AC policy has been modelled, the difficulty lies in the expression and formal verification of the properties of this policy. This paper proposes to develop a formal framework for the specification and validation of the hybrid AC policy. In order to increase the flexibility of AC, an extension of the UACML model to the emergency RBAC model (E-RBAC) is proposed. We start with the semiformal specification of AC rules using activity diagrams that we call E-UACML accompanied by AC constraints and spatio-temporal constraints. E-UACML is then translated into a formal specification expressed in the Fiacre language and the requirements in observer automata using the CDL language. The latter is used to formally verify the properties with OBP (model checking). We evaluate our approach with a case study.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
