Grompanopoulos, Christos and Gouglidis, Antonios and Mavridou, Anastasia (2021) Specifying and Verifying Usage Control Models and Policies in TLA+. International Journal on Software Tools for Technology Transfer, 23 (5). pp. 685-700. ISSN 1433-2779
STTT_UseCON_TLA.pdf - Accepted Version
Available under License Creative Commons Attribution-NonCommercial.
Abstract
Novel computing paradigms, e.g., the Cloud, introduce new access control requirements such as the utilization of historical information and continuity of decision. However, these concepts may add a further level of complexity to the underpinning model, making its definition and verification a cumbersome and error-prone process. Using a formal language to specify a model and formally verify it can lead to a rigorous definition of the interactions amongst its components and provide formal guarantees of its correctness. In this paper, we consider a case study in which we specify a formal model in TLA+ for both a policy-neutral and a policy-specific UseCON usage control model. Through this, we aim to shed light on the analysis and verification of usage control models and policies by sharing our experience of using TLA+-specific tools.
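To make the two requirements named in the abstract concrete, the following TLA+ module is an added illustration, written for this page and not taken from the paper or from the UseCON specification it describes. It models one subject using one object with a mutable attribute (a usage budget) and a bounded usage history; the module name, the variable names and the policy predicates are all hypothetical. The pre-decision consults the history (a subject that was ever revoked is never permitted again), and the ongoing decision is re-evaluated at every step so that an ongoing usage is revoked as soon as its attribute no longer satisfies the policy.

```tla
---- MODULE UsageControlSketch ----
\* Added illustration, not the paper's UseCON specification: one subject,
\* one object, a mutable subject attribute (budget) and a bounded usage
\* history. All names below are hypothetical.
EXTENDS Naturals

CONSTANT MaxBudget          \* e.g. MaxBudget = 3 in the TLC config

VARIABLES state, budget, history
\* state   : "idle" | "requesting" | "ongoing" | "revoked" | "ended"
\* budget  : remaining usage credit, consumed while a usage is ongoing
\* history : set of outcomes seen so far, a subset of {"ended", "revoked"}

vars == <<state, budget, history>>

\* Pre-decision: needs credit, and a subject that was ever revoked is
\* never permitted again (decision based on historical information).
PreAuthorized == budget > 0 /\ "revoked" \notin history

\* Ongoing decision, re-evaluated at every step of the usage
\* (continuity of decision).
OnAuthorized == budget > 0

Init == state = "idle" /\ budget = MaxBudget /\ history = {}

Request == /\ state = "idle"
           /\ state' = "requesting"
           /\ UNCHANGED <<budget, history>>

Permit == /\ state = "requesting"
          /\ PreAuthorized
          /\ state' = "ongoing"
          /\ UNCHANGED <<budget, history>>

Deny == /\ state = "requesting"
        /\ ~PreAuthorized
        /\ state' = "idle"
        /\ UNCHANGED <<budget, history>>

\* One step of ongoing usage consumes one unit of credit (attribute update).
Tick == /\ state = "ongoing"
        /\ OnAuthorized
        /\ budget' = budget - 1
        /\ UNCHANGED <<state, history>>

\* The ongoing check failed: the usage is revoked and recorded.
Revoke == /\ state = "ongoing"
          /\ ~OnAuthorized
          /\ state' = "revoked"
          /\ history' = history \cup {"revoked"}
          /\ UNCHANGED budget

\* The subject ends the usage while still authorized.
End == /\ state = "ongoing"
       /\ OnAuthorized
       /\ state' = "ended"
       /\ history' = history \cup {"ended"}
       /\ UNCHANGED budget

\* The attribute may be replenished between usages, so the history
\* condition in PreAuthorized is what keeps a revoked subject out.
Recharge == /\ state = "idle"
            /\ budget < MaxBudget
            /\ budget' = MaxBudget
            /\ UNCHANGED <<state, history>>

Reset == /\ state \in {"revoked", "ended"}
         /\ state' = "idle"
         /\ UNCHANGED <<budget, history>>

Next == Request \/ Permit \/ Deny \/ Tick \/ Revoke \/ End \/ Recharge \/ Reset

Spec == Init /\ [][Next]_vars /\ WF_vars(Next)

\* Invariants for TLC.
TypeOK == /\ state \in {"idle", "requesting", "ongoing", "revoked", "ended"}
          /\ budget \in 0..MaxBudget
          /\ history \subseteq {"ended", "revoked"}

\* A usage never starts for a subject that has already been revoked.
NoSecondChance == (state = "ongoing") => "revoked" \notin history

\* Liveness: an ongoing usage whose credit is exhausted is eventually revoked.
ExhaustedIsRevoked == (state = "ongoing" /\ budget = 0) ~> (state = "revoked")
====
```

To check it with TLC, a configuration file would set `SPECIFICATION Spec`, `CONSTANT MaxBudget = 3`, `INVARIANTS TypeOK NoSecondChance` and `PROPERTIES ExhaustedIsRevoked`. Two design points matter for model checking: the history is kept as a bounded set rather than a counter, so the state space stays finite without a state constraint, and `End` requires `OnAuthorized`, so that when the credit is exhausted the only enabled action is `Revoke` and weak fairness on `Next` is enough for the leads-to property to hold. Note that `NoSecondChance` is a state invariant, whereas the revocation itself is necessarily a liveness property: the step in which the budget reaches zero still has `state = "ongoing"`, and the revocation happens in the following step.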