Skip to main content
SpringerLink
Log in

Modeling and Verification of RBAC Security Policies Using Colored Petri Nets and CPN-Tool

  • Conference paper
Networked Digital Technologies (NDT 2010)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 88))

Included in the following conference series:

Abstract

Role Based Access Control (RBAC) is more and more applied to design and implement security policies in large networking systems. Although the elegance of this model, the design process of a security policy remains a challenge. The consistence and the correctness of the policy are crucial. Formal verification is one of the techniques, which can be used to prove that the designed policy is consistent. In this paper, we present a concrete formal modeling/analysis approach for RBAC policies. The modeling phase uses Colored Petri Nets (CPN) and the generated models will be analyzed using the CPN-tool. This analysis will wallow to prove many important proprieties about the RBAC security policy.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Jensen, K.: An Introduction to the Theoretical Aspects of Coloured Petri Nets. In: de Bakker, J.W., de Roever, W.-P., Rozenberg, G. (eds.) REX 1993. LNCS, vol. 803, pp. 230–272. Springer, Heidelberg (1994)

    Google Scholar 

  2. Murata, T.: Petri Nets and Their Applications: An Introduction. In: Chang, S.K. (ed.) Management and Office Information Systems, ch. 20, pp. 351–367. Plenum Press, New York (1984)

    Google Scholar 

  3. Ferraiolo, D.F., Kuhn, D.R.: Role Based Access Control. In: The 15th National Computer Security Conference, October 13-16, pp. 554–563 (1992)

    Google Scholar 

  4. Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-Based Access Control Models. IEEE Computer 29(2), 38–47 (1996)

    Google Scholar 

  5. Sandhu, R., Ferraiolo, D.F., Kuhn, R.: The NIST Model for Role Based Access Control: Toward a Unified Standard. In: Proceedings of the 5th ACM Workshop on Role Based Access Control, Berlin, July 26-27, pp. 47–63 (2000)

    Google Scholar 

  6. Bertino, E., Bonatti, P.A.: TRBAC: A temporal role based access control model. ACM Transactions on Information and System Security 4(3), 191–223 (2001)

    Article  Google Scholar 

  7. Joshi, J.B.D., Bertino, E., Latif, U., Ghafoor, A.: A Generalized Temporal Role Based Access Control. The IEEE Transactions on Knowledge and Data Engineering 17(1), 4–23 (2005)

    Article  Google Scholar 

  8. Nyanchama, M., Osborn, S.: The Role Graph Model and Conflict of Interest. The ACM Transactions on Information and System Security 2(1), 3–33 (1999)

    Article  Google Scholar 

  9. Koch, M., Mancini, L.V., Parisi-Presicce, F.: A Graph-based Formalism for RBAC. The ACM Transactions on Information and System Security 5(3), 332–365 (2002)

    Article  Google Scholar 

  10. Ahmed, T., Tripathi, A.R.: Static Verification of Security Requirements in Role Based CSCW Systems. In: Proc. of the 8th ACM Symposium on Access Control Models and Technologies, pp. 196–203 (June 2003)

    Google Scholar 

  11. Walvekar, A., Smith, M., Kelkar, M., Gamble, R.: Using Petri Nets to Detect Access Control Violations in a System of Systems. Technical Report SEAT-UTULSA-09-12. A shorter version of this paper appeared in the Joint Workshop on Foundations of Computer Security and Automated Reasoning for Security Protocol Analysis (FCS-ARSPA 2006), Seattle, August 15 - 16 (2006)

    Google Scholar 

  12. Huang, H., Kirchner, H.: Secure Interoperation in Heterogeneous Systems based on Colored Petri Nets. Research report INRIA-00396952, version, June 1-19 (2009)

    Google Scholar 

  13. Shafiq, B., Masood, A., Ghafoor, A., Joshi, J.B.D.: A Role-Based Access Control Policy Verification Framework for Real-Time Systems. In: Proc. of the IEEE Workshop on Object-oriented Real-time Databases (2005)

    Google Scholar 

  14. Song, M., Pang, Z.: Specification of SA-RBAC Policy Based on Colored Petri Net. In: The IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology 2008 (2008)

    Google Scholar 

  15. Knorr, K.: Dynamic access control through Petri net workflows. In: Proc. of the 16th Annual Computer Security Applications Conference (ACSAC), pp. 159–167. IEEE Press, Los Alamitos (December 2000), doi:10.1109/ACSAC.2000.898869

    Google Scholar 

  16. Knorr, K.: Multilevel security and information flow in Petri net workflows. In: Proc. of the 9th International Conference on Telecommunication Systems-Modeling and Analysis, Special Session on Security Aspects of Telecommunication Systems, pp. 9–20 (2001)

    Google Scholar 

  17. Dong, X., Chen, G., Yin, J., Dong, J.: Petri-net-based context related access control workflow environment. In: Proc. of the 7th International Conference on Computer Supported Cooperative Work in Design (CSCWD), pp. 381–384. IEEE Press, Los Alamitos (2002), doi:10.1109/CSCWD.2002.1047718

    Chapter  Google Scholar 

  18. Liang, Z., Bai, S.: Role based workflow modelling. In: Proc. of IEEE International Conference on Systems, Man and Cybernetics (ICSMC), pp. 4845–4849. IEEE Press, Los Alamitos (October 2006), doi:10.1109/ICSMC.2006.385072

    Google Scholar 

  19. Jiang, Y., Lin, C., Yin, H., Zhang, Z.: Security analysis of mandatory access control model. In: Proc. of IEEE International Conference on Systems, Man and Cybernetics, pp. 5013–5018. IEEE Press, Los Alamitos (October 2004), doi:10.1109/ICSMC.2004.1400987

    Google Scholar 

  20. Zhang, Z., Hong, F., Xiao, H.: Verification of strict integrity policy via Petri nets. In: Proc. of the International Conference on System and Network Communication, pp. 23–26. IEEE Press, Los Alamitos (October 2006), doi:10.1109/ICSNC.2006.76

    Google Scholar 

  21. Junszczyszyn, K.: Verifying enterprise’s mandatory access control policies with coloured Petri nets. In: Proc. of the IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, pp. 184–189. IEEE Press, Los Alamitos (June 2003)

    Google Scholar 

  22. Feng, F., Lin, C., Peng, D., Li, J.: A trust and context based access control model for distributed systems. In: Proc. of the 10th International Conference on High Performance Computing and Communications (HPCC), pp. 629–634. IEEE Computer Society, Los Alamitos (September 2008), doi:10.1109/HPCC.2008.37

    Chapter  Google Scholar 

  23. Feng, F., Li, J.: Verification and Analysis of Access Control Policy with Colored Petri Net. In: The International Conference on Communication Software and Networks, ICCSN 2009, pp. 610–614 (2009)

    Google Scholar 

  24. CPN-tool can be downloaded freely for academics from, http://wiki.daimi.au.dk/cpntools/cpntools.wiki

Download references

Author information

Authors and Affiliations

  1. LISSI Laboratory, Paris Est University, Paris, France

    Laid Kahloul, Karim Djouani, Walid Tfaili & Yacine Amirat

  2. Computer Science Departement, Biskra University, Algeria

    Laid Kahloul

  3. F’SATI at TUT, Pretoria, South Africa

    Karim Djouani

  4. Computer Science Department, Constantine University, Algeria

    Allaoua Chaoui

Authors
  1. Laid Kahloul
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Karim Djouani
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Walid Tfaili
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Allaoua Chaoui
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Yacine Amirat
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Software Engineering, Charles University in Prague, Malostranske namesti 25, 118 00, Prague, Czech Republic

    Filip Zavoral

  2. Charles University, Prague, Czech Republic

    Jakub Yaghob

  3. Al Imam University, Riyadh, Saudi Arabia

    Pit Pichappan

  4. Jordan University of Science and Technology, Irbid, Jordan

    Eyas El-Qawasmeh

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kahloul, L., Djouani, K., Tfaili, W., Chaoui, A., Amirat, Y. (2010). Modeling and Verification of RBAC Security Policies Using Colored Petri Nets and CPN-Tool. In: Zavoral, F., Yaghob, J., Pichappan, P., El-Qawasmeh, E. (eds) Networked Digital Technologies. NDT 2010. Communications in Computer and Information Science, vol 88. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14306-9_60

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-14306-9_60

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14305-2

  • Online ISBN: 978-3-642-14306-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation