Specification and Animation of Security Design Models with Z

Abstract: Specifying security-critical software calls for techniques that allow early bug detection and prevention. The need is aggravated by the massive cost and time spent during product validation and verification (V&V). A multitude of formal and informal techniques strive to confront the challenge of specifying and validating specifications. Our approach mainly concerns validating security specifications by animating the formal models, which adds a new dimension to the state of the art. Secure system engineering, dedicated to tackling security features, offers security design models to sketch secure applications. For these, the Unified Modeling Language (UML) is generally considered a de facto standard, along with a few extensions such as SecureUML and the Object Constraint Language (OCL). OCL adds precision to a design, yet it remains far from yielding bug-free specifications. One reason for that is the inability of OCL-based techniques to animate models before proceeding to an implementation. Combining formal languages such as Z with UML allows applying animation techniques, enabling early validation of software design. The RoZ tool is capable of translating UML models into Z specifications, which can then be verified or validated. But RoZ does not provide similar features for secure applications. In this thesis, we have upgraded this tool using an underlying security kernel backed by Role Based Access Control (RBAC). Our approach not only allows validating the specifications but can also animate the formal models. The animation takes into account both the static and the dynamic aspects (i.e., session management) of RBAC-based security policies. Our unified approach and toolset involve a systematic usage and linkage of UML, SecureUML, RBAC, RoZ, Z, and the Just Another Z Animator (Jaza) tool.
Using Jaza, the kind of validation we perform allows enumerating user-defined scenarios to determine whether the specification describes the intended reality. We emphasize the simultaneous consideration of functional and non-functional properties and treat functional models as contextual constraints over the security models. From a user's viewpoint, our proposed approach can be composed with an arbitrary functional model to examine an RBAC-based security policy.

Cited literature: 67 references
Contributor: Abes Star
Submitted on: Tuesday, July 10, 2012 - 2:43:14 PM
Last modification on: Thursday, November 19, 2020 - 12:59:57 PM
Long-term archiving on: Thursday, December 15, 2016 - 10:13:53 PM


Version validated by the jury (STAR)


  • HAL Id: tel-00716404, version 1



Muhammad Nafees Qamar. Spécification et animation de modèles de conception de la sécurité avec Z. Other [cs.OH]. Université de Grenoble, 2011. French. ⟨NNT : 2011GRENM057⟩. ⟨tel-00716404⟩


