ACM Transactions on Computer Systems (TOCS)
KLAIM: A Kernel Language for Agents Interaction and Mobility
IEEE Transactions on Software Engineering
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Protocol Insecurity with Finite Number of Sessions is NP-Complete
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
DKAL: Distributed-Knowledge Authorization Language
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols
CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
The Open-Source Fixed-Point Model Checker for Symbolic Analysis of Security Protocols
Foundations of Security Analysis and Design V
Protocol Composition for Arbitrary Primitives
CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Abstraction by set-membership: verifying security protocols and web services with databases
Proceedings of the 17th ACM conference on Computer and communications security
The AVISPA tool for the automated validation of internet security protocols and applications
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
TACAS'12 Proceedings of the 18th international conference on Tools and Algorithms for the Construction and Analysis of Systems
HiPoLDS: a security policy language for distributed systems
WISTP'12 Proceedings of the 6th IFIP WG 11.2 international conference on Information Security Theory and Practice: security, privacy and trust in computing systems and ambient intelligent ecosystems
HiPoLDS: A Hierarchical Security Policy Language for Distributed Systems
Information Security Tech. Report
Modeling test cases for security protocols with SecureMDD
Computer Networks: The International Journal of Computer and Telecommunications Networking
Hi-index | 0.00 |
This paper introduces ASLan++, the AVANTSSAR Specification Language. ASLan++ has been designed for formally specifying dynamically composed security-sensitive web services and service-oriented architectures, their associated security policies, as well as their security properties, at both communication and application level. We introduce the main concepts of ASLan++ at a small but very instructive running example, abstracted form a company intranet scenario, that features non-linear and inter-dependent workflows, communication security at different abstraction levels including an explicit credentials-based authentication mechanism, dynamic access control policies, and the related security goals. This demonstrates the flexibility and expressiveness of the language, and that the resulting models are logically adequate, while on the other hand they are clear to read and feasible to construct for system designers who are not experts in formal methods.