Formalisation and implementation of access control models

Author

Jaume, Mathieu ; Morisset, Charles

Author_Institution

SPI LIP6, Paris Univ., France

Volume

1

fYear

2005

fDate

4-6 April 2005

Firstpage

703

Abstract

Access control software must be based on a security policy model. Flaws in them may come from a lack of precision or some incoherences in the policy model or from inconsistencies between the model and the code. In this paper, we first present a formalisation of access control models based on the work on an algebra of security models by J. McLean (1988). Then, we describe the implementation of this framework and show how it can be used to obtain a particular security model: the Bell and La Padula security model. Last, as an example, we show how such a program can be integrated for secure databases. All our development is done within the Focal (Rioboo et al., 2004) programming environment which provides a language with object-oriented features allowing to write formal specifications, proofs and programs at the same level.

Keywords

algebraic specification; authorisation; database management systems; object-oriented programming; programming environments; Focal programming environment; access control models; access control software; algebraic specification; database security; formal specifications; formalisation; object-oriented programming; security policy model; Access control; Algebra; Computer security; Data security; Information security; Information technology; Mathematical model; Object oriented databases; Object oriented modeling; Safety;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Technology: Coding and Computing, 2005. ITCC 2005. International Conference on

Print_ISBN

0-7695-2315-3

Type

conf

DOI

10.1109/ITCC.2005.154

Filename

1428546