Abstract
Role Based Access Control (RBAC) is increasingly applied to design and implement security policies in large networking systems. Despite the elegance of this model, the design process of a security policy remains a challenge. The consistency and the correctness of the policy are crucial. Formal verification is one of the techniques that can be used to prove that the designed policy is consistent. In this paper, we present a concrete formal modeling/analysis approach for RBAC policies. The modeling phase uses Colored Petri Nets (CPN), and the generated models are analyzed using the CPN-tool. This analysis allows us to prove many important properties of the RBAC security policy.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kahloul, L., Djouani, K., Tfaili, W., Chaoui, A., Amirat, Y. (2010). Modeling and Verification of RBAC Security Policies Using Colored Petri Nets and CPN-Tool. In: Zavoral, F., Yaghob, J., Pichappan, P., El-Qawasmeh, E. (eds) Networked Digital Technologies. NDT 2010. Communications in Computer and Information Science, vol 88. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14306-9_60
DOI: https://doi.org/10.1007/978-3-642-14306-9_60
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14305-2
Online ISBN: 978-3-642-14306-9
eBook Packages: Computer Science (R0)