结合UML和B来规范和验证业务流程活动中的RBAC策略

2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS) Pub Date : 2016-06-01 DOI:10.1109/RCIS.2016.7549284

Salim Chehida, Akram Idani, Y. Ledru, M. K. Rahmouni

{"title":"结合UML和B来规范和验证业务流程活动中的RBAC策略","authors":"Salim Chehida, Akram Idani, Y. Ledru, M. K. Rahmouni","doi":"10.1109/RCIS.2016.7549284","DOIUrl":null,"url":null,"abstract":"Integrating access control into business processes is a non-trivial task. This paper presents an approach that combines the UML and B languages for the specification and validation of RBAC policies at the process level. It starts by modeling the access control rules using our extension of UML2 activity diagrams denominated as BAAC@UML (Business Activity Access Control with UML). The BAAC@UML models are then translated into a specification in the B language using our B4MSecure platform. Finally, the last step validates the RBAC policy by testing its formal specification using the B tools (Provers and Animators).","PeriodicalId":344289,"journal":{"name":"2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS)","volume":"101 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Combining UML and B for the specification and validation of RBAC policies in business process activities\",\"authors\":\"Salim Chehida, Akram Idani, Y. Ledru, M. K. Rahmouni\",\"doi\":\"10.1109/RCIS.2016.7549284\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Integrating access control into business processes is a non-trivial task. This paper presents an approach that combines the UML and B languages for the specification and validation of RBAC policies at the process level. It starts by modeling the access control rules using our extension of UML2 activity diagrams denominated as BAAC@UML (Business Activity Access Control with UML). The BAAC@UML models are then translated into a specification in the B language using our B4MSecure platform. Finally, the last step validates the RBAC policy by testing its formal specification using the B tools (Provers and Animators).\",\"PeriodicalId\":344289,\"journal\":{\"name\":\"2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS)\",\"volume\":\"101 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/RCIS.2016.7549284\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/RCIS.2016.7549284","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

将访问控制集成到业务流程中是一项非常重要的任务。本文提出了一种结合UML和B语言的方法，用于在过程级别上规范和验证RBAC策略。它首先使用我们命名为BAAC@UML(使用UML的业务活动访问控制)的UML2活动图扩展对访问控制规则进行建模。然后使用我们的B4MSecure平台将BAAC@UML模型翻译成B语言的规范。最后，最后一步通过使用B工具(Provers和Animators)测试其正式规范来验证RBAC策略。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Combining UML and B for the specification and validation of RBAC policies in business process activities

Integrating access control into business processes is a non-trivial task. This paper presents an approach that combines the UML and B languages for the specification and validation of RBAC policies at the process level. It starts by modeling the access control rules using our extension of UML2 activity diagrams denominated as BAAC@UML (Business Activity Access Control with UML). The BAAC@UML models are then translated into a specification in the B language using our B4MSecure platform. Finally, the last step validates the RBAC policy by testing its formal specification using the B tools (Provers and Animators).

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS)

自引率

0.00%

发文量