Early validation and verification of a distributed role-based access control model

Zafar, Saad, Colvin, Robert, Winter, Kirsten, Yatapanage, Nisansala and Dromey, R.G. (2007). Early validation and verification of a distributed role-based access control model. In: Proceedings of the Software Engineering Conference 2007 (APSEC 2007). APSEC 2007: 14th Asia-Pacific Software Engineering Conference 2007, Nagoya, Japan, (430-437). 5-7 December 2007. doi:10.1109/ASPEC.2007.20


Author Zafar, Saad
Colvin, Robert
Winter, Kirsten
Yatapanage, Nisansala
Dromey, R.G.
Title of paper Early validation and verification of a distributed role-based access control model
Conference name APSEC 2007: 14th Asia-Pacific Software Engineering Conference 2007
Conference location Nagoya, Japan
Conference dates 5-7 December 2007
Proceedings title Proceedings of the Software Engineering Conference 2007 (APSEC 2007)
Journal name 14th Asia-Pacific Software Engineering Conference, Proceedings
Place of Publication Piscataway, NJ, United States
Publisher IEEE Computer Society
Publication Year 2007
Sub-type Fully published paper
DOI 10.1109/ASPEC.2007.20
ISBN 0769530575
9780769530574
ISSN 1530-1362
Start page 430
End page 437
Total pages 8
Collection year 2008
Language eng
Abstract/Summary To ensure correct implementation of complex access control requirements, it is important that the validated and verified requirements are effectively integrated with the rest of the system. It is also important that the system can be validated and verified early in the development process. In this paper we present an integrated, role-based access control model. The model is based on the graphical behavior tree notation, and can be validated by simulation, as well as verified using a model checker. Using this model, access control requirements can be integrated with the rest of the system from the outset, because: a single notation is used to express both access control and functional requirements; a systematic and incremental approach to constructing a formal behavior tree specification can be adopted; and the specification can be simulated and model checked. The effectiveness of the model is evaluated using a case study with distributed access control requirements.
Subjects 280302 Software Engineering
700102 Application tools and system utilities
Keyword Role-based access control model
Requirement verification
Q-Index Code E1
Q-Index Status Confirmed Code
Institutional Status UQ

 
Versions
Version Filter Type
Citation counts: TR Web of Science Citation Count  Cited 1 times in Thomson Reuters Web of Science Article | Citations
Scopus Citation Count Cited 5 times in Scopus Article | Citations
Google Scholar Search Google Scholar
Created: Tue, 06 May 2008, 09:24:32 EST by Donna Clark on behalf of School of Information Technol and Elec Engineering