Role Based Access Control (RBAC) models are access policies that associate access rights to roles of subjects on objects. The incremental development of software by adding new features and the insertion of new access rules potentially render the model inconsistent and create security flaws. This paper proposes modeling RBAC models using the B language such that it is possible to reevaluate the consistency of the models following model changes. It shows the mechanism of formalizing RBAC policies of an Electronic Marking System (EMS) using B specifications and illustrates the verification of the consistency of the RBAC specification, using model checking and proof obligations.
|Title of host publication||Proceedings of 2015 10th International Conference on Availability, Reliability and Security (ARES)|
|Number of pages||539|
|Publication status||Published - 2015|
- incremental development
- E-Marking Systems
- role based access control
- B Method