摘要: Access control (AC) is one of the most fundamental and widely used requirements for privacy security. Given a subject's access request on resource in system, AC determines whether this permitted or denied based policies (ACPs). This position paper introduces our approach to ensure correctness using verification. More specifically, given model an ACP, detects inconsistencies between models, specifications, expected behaviors AC. Such represent faults (in ACP), which we target at detecting before ACP deployment.
sci-hub.se 参考文章(2)
VINCENT C. HU, D. RICHARD KUHN, TAO XIE, JEEHYUN HWANG, MODEL CHECKING FOR VERIFICATION OF MANDATORY ACCESS CONTROL MODELS AND PROPERTIES International Journal of Software Engineering and Knowledge Engineering. ,vol. 21, pp. 103- 127 ,(2011) , 10.1142/S021819401100513X
JeeHyun Hwang, Tao Xie, Vincent Hu, Mine Altunay, ACPT: A Tool for Modeling and Verifying Access Control Policies ieee international symposium on policies for distributed systems and networks. pp. 40- 43 ,(2010) , 10.1109/POLICY.2010.22