A correct-by-construction model for attribute-based access control: Illustration: web-based healthcare services

被引:4
|
作者
Gadouche, Hania [1 ]
Farah, Zoubeyr [1 ]
Tari, Abdelkamel [1 ]
机构
[1] Univ Bejaia, Dept Comp Sci, Fac Exact Sci, Med Comp Lab LIMED, Bejaia, Algeria
来源
CLUSTER COMPUTING-THE JOURNAL OF NETWORKS SOFTWARE TOOLS AND APPLICATIONS | 2020年 / 23卷 / 03期
关键词
ABAC; Correct-by-construction; Event-B; Formal methods; Proof and refinement; Specification and validation; A priori verification; Web services; Healthcare systems;
D O I
10.1007/s10586-019-02976-4
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
In this paper, a formal specification approach of the attribute-based access control (ABAC) is proposed using the Event-B method. We apply an a priori formal verification to build a correct model in a stepwise manner. Correctness of the specification model is insured during the construction steps. The model is composed of abstraction levels that are generated through refinement operations. A set of ABAC properties is defined in each level of refinement starting from the highest abstract level to the most concrete one. These properties are preserved by proofs with the behavior specification. The approach is illustrated in healthcare web services.
引用
收藏
页码:1517 / 1528
页数:12
相关论文
共 50 条
  • [21] Mining Attribute-Based Access Control Policies
    Davari, Maryam
    Zulkernine, Mohammad
    INFORMATION SYSTEMS SECURITY, ICISS 2022, 2022, 13784 : 186 - 201
  • [22] Monotonicity and Completeness in Attribute-Based Access Control
    Crampton, Jason
    Morisset, Charles
    SECURITY AND TRUST MANAGEMENT (STM 2014), 2014, 8743 : 33 - 48
  • [23] Adding semantics to attribute-based discovery of web services
    Sriharee, N
    Senivongse, T
    Teppaboot, C
    Futatsugi, K
    IC'04: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON INTERNET COMPUTING, VOLS 1 AND 2, 2004, : 790 - 794
  • [24] ABACaaS: Attribute-Based Access Control as a Service
    Meshram, Augustee
    Das, Saptarshi
    Sural, Shamik
    Vaidya, Jaideep
    Atluri, Vijayalakshmi
    PROCEEDINGS OF THE NINTH ACM CONFERENCE ON DATA AND APPLICATION SECURITY AND PRIVACY (CODASPY '19), 2019, : 153 - 155
  • [25] Mining Attribute-Based Access Control Policies
    Xu, Zhongyuan
    Stoller, Scott D.
    IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2015, 12 (05) : 533 - 545
  • [26] Combining Mandatory and Attribute-based Access Control
    Kerr, Lawrence
    Alves-Foss, Jim
    PROCEEDINGS OF THE 49TH ANNUAL HAWAII INTERNATIONAL CONFERENCE ON SYSTEM SCIENCES (HICSS 2016), 2016, : 2616 - 2623
  • [27] A Web Service Architecture for Decentralised Identity- and Attribute-based Access Control
    Hebig, Regina N.
    Meinel, Christoph
    Menzel, Michael
    Thomas, Ivonne
    Warschofsky, Robert
    2009 IEEE INTERNATIONAL CONFERENCE ON WEB SERVICES, VOLS 1 AND 2, 2009, : 551 - 558
  • [28] Attribute-Based Access Control in Service Mesh
    Ponomarev, Kirill Yu.
    2019 DYNAMICS OF SYSTEMS, MECHANISMS AND MACHINES (DYNAMICS), 2019,
  • [29] Attribute-Based Messaging: Access Control and Confidentiality
    Bobba, Rakesh
    Fatemieh, Omid
    Khan, Fariba
    Khan, Arindam
    Gunter, Carl A.
    Khurana, Himanshu
    Prabhakaran, Manoj
    ACM TRANSACTIONS ON INFORMATION AND SYSTEM SECURITY, 2010, 13 (04)
  • [30] Monotonicity and completeness in attribute-based access control
    Crampton, Jason
    Morisset, Charles
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2014, 8743 : 33 - 48
12345