The specification of a distributed service-oriented application spans several levels of abstraction, e.g., the protocol for exchanging messages, the set of interface functionalities, the types of the manipulated data, the workflow, the access policy, etc. Many (even executable) specification languages are available to describe each level in isolation. However, these levels may interact in subtle ways (for example, the control flow may depend on the values of some data variables), so that a precise abstraction of the application amounts to more than the sum of its per-level components. This problem is even more acute in the design phase, when automated analysis techniques may greatly help designers with the difficult task of building "correct" applications. To alleviate these problems, this paper introduces a framework for the formal specification and automated analysis of distributed service-oriented applications in two levels: one for the workflow and one for the authorization policies. The former allows one to precisely describe the control and data parts of an application with their mutual dependencies. The latter focuses on the specification of the criteria for granting or denying third-party applications the possibility to access shared resources or to execute certain interface functionalities. These two levels can be seen as abstractions of one or several of the levels of specification mentioned above. The novelty of our proposal is the possibility to unambiguously specify the (often subtle) interplay between the workflow and policy levels uniformly in the same framework. Additionally, our framework allows us to define and investigate verification problems for service-oriented applications (such as executability and invariant checking) and to give sufficient conditions for their decidability. These results are non-trivial because their scope of applicability goes well beyond the case of finite state spaces, allowing for applications that manipulate variables ranging over infinite domains. As a proof of concept, we show the suitability and flexibility of our approach on two quite different examples inspired by industrial case studies.
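The following is an added illustration, not code from the paper or its authors, of the two kinds of interplay the abstract describes: a workflow whose control flow depends on a data variable, and an authorization policy that is changed by the workflow's own history. It checks executability and an invariant by explicit-state search over a small finite abstraction (the paper's own results cover infinite domains; this toy does not). The users, roles, tasks and the 1000 threshold are assumptions made here for illustration.

```python
# Added example, not code from the paper: a toy two-level model in the spirit of the
# abstract: workflow control flow depends on the data variable "amount", and the
# policy is updated by the workflow (dynamic separation of duty). All names are assumptions.
from collections import deque

USERS = {"ann": {"clerk"}, "bob": {"clerk", "manager"}, "cat": {"manager", "auditor"}}
TASKS = ("prepare", "approve", "audit", "pay")
NEEDS = {"prepare": "clerk", "approve": "manager", "audit": "auditor", "pay": "clerk"}

def authorizes(user, task, done, sod=True):
    """Policy level: role check plus a constraint derived from workflow history."""
    if NEEDS[task] not in USERS[user]:
        return False
    # dynamic separation of duty: whoever prepared a request may not approve it
    return not (sod and task == "approve" and done.get("prepare") == user)

def enabled(amount, done, user, task, sod=True):
    """Workflow level: task order; above 1000 an audit is required before paying."""
    prereq = {"prepare": (), "approve": ("prepare",), "audit": ("approve",),
              "pay": ("approve", "audit") if amount > 1000 else ("approve",)}
    return (task not in done and all(p in done for p in prereq[task])
            and authorizes(user, task, done, sod))

def reachable(amounts=(500, 5000), sod=True):
    """Breadth-first search; a state is (amount, frozenset of (task, user) pairs)."""
    seen, queue = set(), deque((a, frozenset()) for a in amounts)
    while queue:
        amount, key = queue.popleft()
        if (amount, key) in seen:
            continue
        seen.add((amount, key))
        done = dict(key)
        for user in USERS:
            for task in TASKS:
                if enabled(amount, done, user, task, sod):
                    queue.append((amount, frozenset({**done, task: user}.items())))
    return seen

def executable_tasks(states):
    return {task for _, key in states for task, _ in key}

def invariant_holds(states):
    """Invariant: nobody approves what they prepared; no unaudited payment above 1000."""
    for amount, key in states:
        done = dict(key)
        if (("approve" in done and done["approve"] == done.get("prepare"))
                or ("pay" in done and amount > 1000 and "audit" not in done)):
            return False
    return True
```

Running `reachable(sod=False)` drops the history-dependent policy rule and the invariant check then reports a violation, which is exactly the kind of workflow/policy interaction a per-level analysis would miss.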