Qunoo, Hasan Najib Yousif (2012)
Ph.D. thesis, University of Birmingham.
This thesis advances the modelling and verification of access control policies by using automated knowledge-based symbolic model checking techniques. The key contributions of this thesis are threefold: firstly, a modelling language that expresses dynamic access control policies with compound actions that update multiple variables; secondly, a knowledge-based verification algorithm that verifies properties over an access control policy that has compound actions; and finally, an automated tool, called X-Policy, which implements the algorithm.
This research enables us to model and verify access control policies for web-based collaborative systems. We model and analyse a number of conference management systems and their security properties. We propose the appropriate modifications to rectify the policies when possible. Ultimately, this research will allow us to model and verify more systems and help avoid the current situation.
This unpublished thesis/dissertation is copyright of the author and/or third parties.
The intellectual property rights of the author or third parties in respect of this work are as defined by The Copyright Designs and Patents Act 1988 or as modified by any successor legislation. Any use made of information contained in this thesis/dissertation must be in accordance with that legislation and must be properly acknowledged.
Further distribution or reproduction in any format is prohibited without the permission of the copyright holder.
Repository Staff Only: item control page