Verifying Access Control in Statecharts

Authors

  • Levi Lucio Modelling, Simulation and Design Lab School of Computer Science McGill University
  • Qin Zhang SERVAL Research Group Interdisciplinary Centre for Security, Reliability and Trust University of Luxembourg
  • Vasco Sousa Laboratory for Advanced Software Systems University of Luxembourg
  • Yves Le Traon SERVAL Research Group Interdisciplinary Centre for Security, Reliability and Trust University of Luxembourg

DOI:

https://doi.org/10.14279/tuj.eceasst.50.739

Abstract

Access control is one of the main security mechanisms for software applications. It ensures that all accesses conform to a predefined access control policy. It is important to check that the access control policy is well implemented in the system. When following an MDD methodology it may be necessary to check this early during the development lifecycle, namely when modeling the application. This paper tackles the issue of verifying access control policies in statecharts. The approach is based on the transformation of a statechart into an Algebraic Petri net to enable checking access control policies and identifying potential inconsistencies with an OrBAC set of access control policies. Our method allows locating the part of the statechart that is causing the problem. The approach has been successfully applied to a Library Management System. Based on our proposal a tool for performing the transformation and localization of errors in the statechart has been implemented.

Downloads

Additional Files

Published

2012-09-02

How to Cite

[1]
L. Lucio, Q. Zhang, V. Sousa, and Y. Le Traon, “Verifying Access Control in Statecharts”, eceasst, vol. 50, Sep. 2012.