H. Jahankhani et al. (Eds.): ICGS3/e-Democracy 2011, LNICST 99, pp. 88–95, 2012.
© Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2012

Towards Colored Petri Net Modeling of Expanded C-TMAC

Apostolos K. Provatidis, Christos K. Georgiadis, and Ioannis K. Mavridis

University of Macedonia, Department of Applied Informatics, Egnatia 156, 540 06 Thessaloniki, Greece
{Provatidis,geor,mavridis}@uom.gr

Abstract. Today, advancements in information technology have led to multi-user information systems of high complexity, where users can group, collaborate and share resources. Such systems include a wide range of applications, such as collaborative document sharing and editing, social networks, workflow management systems, mobile location-based applications, etc. As those systems continue to evolve, additional requirements arise which need to be met, such as context inclusion in access control decision making and security policies that support grouping, collaboration and sharing. To address this need, we are working on expanding C-TMAC, a security model that intrinsically supports grouping, collaboration and context awareness. In this perspective, we utilize the mathematical modeling language of Colored Petri Nets, along with CPNtools, in order to represent and analyze the basic components of the C-TMAC model.

Keywords: Security, Access Control, C-TMAC, RBAC, Colored Petri Nets, CPNtools, Formal Modeling and Analysis.

1 Introduction

A multi-user, information and resource sharing environment is bound to the conflict between the competing goals of collaboration and security, as ease of access is not easily paired with the availability, confidentiality, and integrity requirements of a solid security policy. In addition, the inclusion of context in these systems means that highly sensitive information is processed, which needs to be very carefully controlled.
The particular need to control the information flow between individuals in such systems demands a security model that can effectively address these combined requirements. Besides the classical access control approaches, like Mandatory Access Control (MAC), Discretionary Access Control (DAC) and Role-Based Access Control (RBAC), the Context-Based Team Access Control (C-TMAC) model was first introduced in [1]. C-TMAC is an extension of the highly established RBAC [2]. The purpose of this paper is to formally represent and analyze the basic components of the C-TMAC model, in order to identify its strengths and shortcomings. Working in this direction, we aim at expanding C-TMAC by enriching its intrinsic support of