Scheduled System Maintenance:
On Wednesday, July 29th, IEEE Xplore will undergo scheduled maintenance from 7:00-9:00 AM ET (11:00-13:00 UTC). During this time there may be intermittent impact on performance. We apologize for any inconvenience.
By Topic

Using Petri nets to verify access policies in mandatory access control model

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Yixin Jiang ; Inst. of Comput. Network, Tsinghua Univ., Beijing, China ; Chuang Lin ; Chen, Zhen ; Hao Yin

MAC (mandatory access control) model is a basic security model for describing and verifying information system. In this paper a method is presented to verify security policies in MAC model by means of colored Petri nets (CPN). The main theme of this paper is depicted as follows: firstly, based on the lattice model of multilevel security (MLS) and Bell-LaPadula model, the MAC model is formally defined. Subsequently, an equivalent MAC model described by colored Petri nets (CPN) is proposed. According to the derived state reachability graph, four security properties of access control policy relations in MAC model are investigated, i.e. access temporal relations, access reachability, covert channel analysis, inference of sensitive information. An example of the security model is given for illustration. The results show that this concise graphic analysis method is suitable for formal verification. This method can be efficiently used to analyze information flow security and therefore improve the whole access control policies during security design and implementation of the system.

Published in:

Information Reuse and Integration, 2004. IRI 2004. Proceedings of the 2004 IEEE International Conference on

Date of Conference:

8-10 Nov. 2004