Security policies modeling by using formal methods

Access control allows one to specify a part of the security Policy of an IS (information system). An AC (access control) policy defines which conditions must old for someone to have access to something. Main concepts used in AC are: permissions, prohibitions, obligations and SoD (separation of duty). Permissions allow someone to access to some resources. On the opposite, prohibitions forbid users to have access to some resources. Obligations link at least two actions: when a user performs an action, he must perform another one. SoD secures an action by dividing it in different tasks, and entrusting the execution of these tasks to different users. Many AC policies modelling methods already exist. The main particularities of the EB3Sec methods are:- All AC concepts can be expressed in a unique model,- This modelling method is event-based. No existing AC modelling methods presents these two characteristics. We define a set of patterns; each pattern corresponds to a specific AC constraint. An EB3Sec model can be used for different purposes:- Simulation and verification,- Implementation.Verifying a model consists in checking that the model complies with some properties that we have defined. Mainly, blocking must be detected. Blocking corresponds to a step of execution where no action can be executed or to situations where an action cannot be performed anymore. Current model checking methods cannot be used to check properties on dynamic AC constraints. Thus, model-checking techniques are combined to simulation techniques. Once a model is verified, it can be transformed in an implementation. To implement an EB3Sec model two ways can be considered: the EB3Sec model can be translated into an other language, such as XACML, which possesses a mature implementation, or a security kernel using EB3Sec as input language can be implemented

Data and Resources

Additional Info

Field Value
Source https://theses.hal.science/tel-00786926
Author Konopacki, Pierre
Maintainer CCSD
Last Updated May 14, 2026, 13:46 (UTC)
Created May 14, 2026, 13:46 (UTC)
Identifier NNT: 2012PEST1089
Language fr
Rights https://about.hal.science/hal-authorisation-v1/
contributor Laboratoire d'Algorithmique Complexité et Logique (LACL) ; Université Paris-Est Créteil Val-de-Marne - Paris 12 (UPEC UP12)-Centre National de la Recherche Scientifique (CNRS)
creator Konopacki, Pierre
date 2012-05-04T00:00:00
harvest_object_id 12193c40-060e-439a-8189-32336ec42add
harvest_source_id 3374d638-d20b-4672-ba96-a23232d55657
harvest_source_title test moissonnage SELUNE
metadata_modified 2026-03-31T00:00:00
set_spec type:THESE