The temporal logic of reactive and concurrent systems
The temporal logic of reactive and concurrent systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
Role-Based Access Control Models
Computer
SASI enforcement of security policies: a retrospective
Proceedings of the 1999 workshop on New security paradigms
TRBAC: a temporal role-based access control model
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Guarded commands, nondeterminacy and formal derivation of programs
Communications of the ACM
Lattice-Based Access Control Models
Computer
XML Access Control Systems: A Component-Based Approach
Proceedings of the IFIP TC11/ WG11.3 Fourteenth Annual Working Conference on Database Security: Data and Application Security, Development and Directions
ACM SIGOPS Operating Systems Review
Enforceable Security Policies
Practical Domain and Type Enforcement for UNIX
SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
A Logical Language for Expressing Authorizations
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Validating a Web service security abstraction by typing
Proceedings of the 2002 ACM workshop on XML security
Timed constraint programming: a declarative approach to usage control
PPDP '05 Proceedings of the 7th ACM SIGPLAN international conference on Principles and practice of declarative programming
Trust but verify: authorization for web services
SWS '04 Proceedings of the 2004 workshop on Secure web service
Access control enforcement for conversation-based web services
Proceedings of the 15th international conference on World Wide Web
Automatic web services composition in trustaware communities
Proceedings of the 3rd ACM workshop on Secure web services
On the modeling and analysis of obligations
Proceedings of the 13th ACM conference on Computer and communications security
Access control and audit model for the multidimensional modeling of data warehouses
Decision Support Systems
Developing secure data warehouses with a UML extension
Information Systems
An extended XACML model to ensure secure information access for web services
Journal of Systems and Software
Authorization control in collaborative healthcare systems
Journal of Theoretical and Applied Electronic Commerce Research
A framework towards enhancing trust and authorisation for e-commerce service
International Journal of Internet Technology and Secured Transactions
Access control: what is required in business collaboration?
ADC '09 Proceedings of the Twentieth Australasian Conference on Australasian Database - Volume 92
ACConv -- An Access Control Model for Conversational Web Services
ACM Transactions on the Web (TWEB)
Defining and measuring policy coverage in testing access control policies
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
λ-RBAC: programming with role-based access control
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
Authorization in cross-border eHealth systems
Information Systems Frontiers
Hi-index | 0.00 |
This paper presents an approach for formally specifying and enforcing security policies on web service implementations. Networked services in general, and web services in particular, require extensive amounts of code to ensure that clients respect site-integrity constraints. We provide a language by which these constraints can be expressed and enforced automatically, portably and efficiently. Security policies in our system are specified in a language based on temporal logic, and are processed by an enforcement engine to yield site and platform-specific access control code. This code is integrated with a web server and platform-specific libraries to enforce the specified policy on a given web service. Our approach decouples the security policy specification from service implementations, provides a mandatory access control model for web services, and achieves good performance. We show that up to 22% of the code in a traditional web service module is dedicated to security checking functionality, including checks for client sequencing and parameter validation. We show that our prototype language implementation, WebGuard, enables web programmers to significantly reduce the amount of security checking code they need to develop manually. The quality of the code generated by WebGuard from formal policy specifications is competitive with the latency of handcrafted code to within a few percent.