Specifying and Verifying Usage Control Models and Policies in TLA+

Grompanopoulos, Christos and Gouglidis, Antonios and Mavridou, Anastasia (2021) Specifying and Verifying Usage Control Models and Policies in TLA+. International Journal on Software Tools for Technology Transfer, 23 (5). pp. 685-700. ISSN 1433-2779

[thumbnail of STTT UseCON TLA]
Text (STTT UseCON TLA)
STTT_UseCON_TLA.pdf - Accepted Version
Available under License Creative Commons Attribution-NonCommercial.

Download (837kB)

Abstract

Novel computing paradigms, e.g., the Cloud, introduce new requirements with regard to access control such as utilization of historical information and continuity of decision. However, these concepts may introduce an additional level of complexity to the underpinning model, rendering its definition and verification a cumbersome and prone to errors process. Using a formal language to specify a model and formally verify it may lead to a rigorous definition of the interactions amongst its components, and the provision of formal guarantees for its correctness. In this paper, we consider a case study where we specify a formal model in TLA+ for both a policy-neutral and policy-specific UseCON usage control model. Through that, we anticipate to shed light in the analysis and verification of usage control models and policies by sharing our experience when using TLA+ specific tools.

Item Type:
Journal Article
Journal or Publication Title:
International Journal on Software Tools for Technology Transfer
Additional Information:
The final publication is available at Springer via http://dx.doi.org/10.1007/s10009-020-00600-0
Uncontrolled Keywords:
/dk/atira/pure/subjectarea/asjc/1700/1710
Subjects:
?? AUTHORIZATION MODELSCONCURRENCYMODEL CHECKINGUSECONSOFTWAREINFORMATION SYSTEMS ??
ID Code:
149555
Deposited By:
Deposited On:
02 Dec 2020 09:59
Refereed?:
Yes
Published?:
Published
Last Modified:
20 Sep 2023 01:39