A framework for modelling security architectures in services ecosystems

Authors:
Matthew Collinson;David Pym;Barry Taylor
Affiliations:
University of Aberdeen, Scotland, U.K.;University of Aberdeen, Scotland, U.K.;University of Aberdeen, Scotland, U.K.
Venue:
ESOCC'12 Proceedings of the First European conference on Service-Oriented and Cloud Computing
Year:
2012

Citing 13
Cited 0

Communicating sequential processes

Communicating sequential processes
Users are not the enemy

Communications of the ACM
Distributed systems (3rd ed.): concepts and design

Distributed systems (3rd ed.): concepts and design
Business Dynamics

Business Dynamics
Task Modelling in Multiple Contexts of Use

DSV-IS '02 Proceedings of the 9th International Workshop on Interactive Systems. Design, Specification, and Verification
A multi-layered security architecture for modelling complex systems

Proceedings of the 4th annual workshop on Cyber security and information intelligence research: developing strategies to meet the cyber security and information intelligence challenges ahead
Model-driven business process security requirement specification

Journal of Systems Architecture: the EUROMICRO Journal
Investments and Trade-offs in the Economics of Information Security

Financial Cryptography and Data Security
Algebra and logic for resource-based systems modelling

Mathematical Structures in Computer Science
A Logical and Computational Theory of Located Resource

Journal of Logic and Computation
Algebra and logic for access control

Formal Aspects of Computing
Semantics for structured systems modelling and simulation

Proceedings of the 3rd International ICST Conference on Simulation Tools and Techniques
Modeling and Coordinating Social Interactions in Pervasive Environments

ICECCS '11 Proceedings of the 2011 16th IEEE International Conference on Engineering of Complex Computer Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

We develop a compositional framework for modelling security and business architectures based on rigorous underlying mathematical systems modelling technology. We explain the basic architectural model, which strictly separates declarative specification from operational implementation, and show architectures can interact by composition, substitution, and stacking. We illustrate these constructions using a running example based on airport security and an example based on (cloud-based) outsourcing, indicating how our approach can illustrate how security controls can fail or be circumvented in these cases. We explain our motivations from mathematical modelling and security economics, and conclude by indicating how to aim to develop a decision-support technology.