Model-driven approaches to analysing time- and location-dependent access control specifications

Analysis of Access Control systems is an important task to ensure that unauthorised access to critical resources is protected. This thesis deals with a challenging problem related to the analysis of Access Control systems which depend on time and location against undesirable scenarios such as inconsistency. In particular, this thesis first provides formal algebraic notations for the Access Control specifications in the context of a SpatioTemporal Role Based Access Control (STRBAC) model. This is followed by formulating the terms of inconsistency and semi-consistency in STRBAC specifications, which are accomplished with the help of the formal algebraic notations. In order to analyse STRBAC specifications to detect inconsistencies and semi-consistencies, this thesis utilises Alloy and Timed Automata. A key challenge is how to automatically generate analysable formalisation such as Alloy and Timed Automata from the specifications. This thesis employs Model-Driven Architecture (MDA) technology to automate the transformation of the STRBAC model to Alloy as well as to Timed Automata and Timed Computation Tree Logic (TCTL). This is accomplished by defining one set of transformation rules for mapping STRBAC features to Alloy features and another set for mapping the features of the STRBAC model to Timed Automata and TCTL features. Details of how we implement model transformation in the SiTra transformation engine are also presented and described with the help of a case study. In addition, we present a comparative study between Alloy and Timed Automata from capability and performance points of view, following which we demonstrate that current Access Control models are not adequate for representing Physical Access Control (PAC) specifications and then discuss some of the limitations of the current models, which we highlight by conducting a case study involving the modelling of an Access Control mechanism used by British Telecom (BT). To overcome such limitations, we present an extension of the STRBAC model which considers the physical aspects of Access Control systems.