Using Hierarchical Timed Coloured Petri Nets in the formal study of TRBAC security policies

摘要

Role-Based Access Control (RBAC) is one of the most used models in designing and implementation of security policies, in large networking systems. Basic RBAC model does not consider temporal aspects which are so important in such policies. Temporal RBAC (TRBAC) is proposed to deal with these temporal aspects. Despite the elegance of these models, designing a security policy remains a challenge. Designers must ensure the consistency and the correctness of the policy. The use of formal methods provides techniques for proving that the designed policy is consistent. In this paper, we present a formal modelling/analysis approach of TRBAC policies. This approach uses Hierarchical Timed Coloured Petri Nets (HTCPN) formalism to model the TRBAC policy, and the CPN-tool to analyse the generated models. The timed aspect, in HTCPN, facilitates the consideration of temporal constraints introduced in TRBAC. The hierarchical aspect of HTCPN makes the model "manageable", in spite of the complexity of TRBAC policy specification. The analysis phase allows the verification of many important properties about the TRBAC security policy.