A formal approach based on verification and validation techniques for enhancing the integrity of concrete role based access control policies

Abstract

Our research works are in the context of verifying the integrity of access control policies in relational database management systems. This paper addresses the following question: In terms of security and particularly access control, does an information system actually do what was planned for it to do? Thus, an important aspect is to help security architects verifying the correspondence between the security planning and its real implementation. We present a synthesis of the problem of access control policy integrity within relational databases. Then, we introduce our proposal for addressing this issue. We especially focus on the verification and validation of the conformity of concrete role based access control policies in a formal environment. Finally, we illustrate the relevance of our contribution through a case of study.