Using alloy to analyse a spatio-temporal access control model supporting delegation

Pervasive computing applications use the knowledge of the environment to provide better services and functionality to the end user. Access control for such applications needs to use contextual information. Towards this end, we proposed an access control model based on role-based access control that uses the environmental contexts time and location to determine whether a user can get access to some resource. The model also supports delegation which is important for dynamic applications where a user is unavailable and permissions may have to be transferred temporarily to another user/role in order to complete a specific task. Such a model typically has numerous features to support the requirements of various applications. The features may interact in subtle ways to produce conflicts. Here, we propose an automated approach using Alloy for detecting such conflicts. Alloy is supported by a software infrastructure that allows automated analysis of models and has been used to verify industrial applications. The results obtained from the analysis will enable the users of the model to make informed decisions.     

An aspect-oriented methodology for designing secure applications

We propose a methodology, based on aspect-oriented modeling (AOM), for incorporating security mechanisms in an application. The functionality of the application is described using the primary model and the attacks are specified using aspects. The attack aspect is composed with the primary model to obtain the misuse model. The misuse model describes how much the application can be compromised. If the results are unacceptable, then some security mechanism must be incorporated into the application. The security mechanism, modeled as security aspect, is composed with the primary model to obtain the security-treated model. The security-treated model is analyzed to give assurance that it is resilient to the attack.