Un processus formel d'intégration de politiques de contrôle d'accès dans les systèmes d'information

Abstract: Security is a key aspect of information systems (IS) development. One cannot build a banking IS without security in mind, and in medical IS security is one of the most important features of the software. Access control is one of the many security aspects of an IS: it defines which executions of a system's actions by a user are permitted or forbidden. Between the conception of an access control policy and its effective deployment on an IS, several steps can introduce unacceptable errors. Using formal methods may be a way to reduce errors during the modeling of access control policies. Using the process algebra EB3, one can formally model an IS. Its extension, EB3SEC, was created in order to model access control policies. The ASTD notation combines Harel's Statecharts and EB3 operators into a graphical and formal notation that can be used to model an IS. However, both methods lack tools allowing a designer to prove or verify security properties in order to validate an access control policy. Furthermore, the implementation of an access control policy must correspond to its abstract specification. This thesis defines translation rules from EB3 to ASTD, from ASTD to Event-B and from ASTD to B. It also introduces a formal architecture expressed in the B notation in order to enforce a policy over an IS. This modeling of access control policies in B can be used to prove properties, thanks to the B prover, but also to verify properties using ProB, a model checker for B. Finally, a refinement strategy from the access control policy down to an implementation is proposed. Since the B refinements are proved, this ensures that the implementation corresponds to the initial model of the access control policy.
Document type:
Theses

Cited literature: 62 references

https://tel.archives-ouvertes.fr/tel-00674865
Contributor: Abes Star
Submitted on: Tuesday, February 28, 2012 - 12:52:29 PM
Last modification on: Thursday, January 11, 2018 - 6:19:28 AM
Long-term archiving on: Tuesday, May 29, 2012 - 2:32:42 AM

File

TH2011PEST1038_complete.pdf
Version validated by the jury (STAR)

Identifiers

  • HAL Id: tel-00674865, version 1

Citation

Jérémy Milhau. Un processus formel d'intégration de politiques de contrôle d'accès dans les systèmes d'information. Autre [cs.OH]. Université Paris-Est, 2011. Français. ⟨NNT : 2011PEST1038⟩. ⟨tel-00674865⟩
