Two basic paradigms towards speciication of information security requirements can be taken: continuous speciication and early speciication of requirements. In models supporting continuous specii-cation and reenement of information security requirements, the development organization is more vulnerable to the tampering with partially speciied requirement primitives. This paper proposes a formal m...

Organizations use Role-Based Access Control (RBAC) to protect computer-based resources from unauthorized access. There has been considerable work on formally specifying RBAC policies but there is still a need for RBAC policy specification techniques that can be integrated into software design methods. This paper describes a method for incorporating specifications of RBAC policies into UML desig...

Event-B is a refinement-based formal method that has been shown to be useful in developing concurrent and distributed programs. Large models can be decomposed into sub-models that can be refined semi-independently and executed in parallel. In this paper, we show how to introduce explicit control flow for the concurrent sub-models in the form of event schedules. We explore how schedules can be d...

This paper discusses the use of formal methods in the development of the control system for the Maeslant Kering. The Maeslant Kering is the movable dam which has to protect Rotterdam from floodings while, at (almost) the same time, not restricting ship traffic to the port of Rotterdam. The control system, called Bos, completely autonomously decides about closing and opening of the barrier and, ...

Role Based Access Control (RBAC) has received considerable attention as a model of choice for simplified access control over the past decade. More recently, risk awareness in access control has emerged as an important research theme to mitigate risks involved when users exercise their privileges to access resources under different contexts such as accessing a sensitive file from work versus doi...

A number of timed-trace formalisms, where systems are modelled by time-varying functions, have been proposed for the formal development of real-time systems. In this paper, we illustrate one such approach via the speciication and reenement of the well-known Steam Boiler Control Problem. The case study illustrates the use of a timed-trace formalism to specify deadlines and other timing constrain...

With the growing use of wireless networks and mobile devices, we are moving towards an era where location information will be necessary for access control. The use of location information can be used for enhancing the security of an application, and it can also be exploited to launch attacks. For critical applications, a formal model for location-based access control is needed that increases th...

As a program evolves, it becomes increasingly difficult to understand and reason about changes in the source code. Eventually, if enough changes are made, reverse engineering and design recovery techniques must be used in order to understand the current behavior of a system. In this context, the effective use of complementary approaches can facilitate program and system understanding by taking ...

Second order necessary and sufficient optimality conditions for bang–bang control problems have been studied in Milyutin, Osmolovskii (1998). These conditions amount to testing the positive (semi–)definiteness of a quadratic form on a critical cone. The assumptions are appropriate for numerical verification only in some special cases. In this paper, we study various transformations of the quadr...