Towards the orchestration of secured services under non-disclosure policies
MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
| Hi-index | 0.00 |
We propose a language for formal specification of service-oriented architectures. The language supports the integrated specification of communication level events, policy level decisions, and the interaction between the two. We show that the reach ability problem is decidable for a fragment of service-oriented architectures. The decidable fragment is well suited for specifying, and reasoning about, security-sensitive architectures. In the decidable fragment, the attacker controls the communication media. The policies of services are centered around the trust application and trust delegation rules, and can also express RBAC systems with role hierarchy. The fragment is of immediate practical relevance: We report on the specification and verification of two security-sensitive architectures, stemming from the e-government and e-health domains.