Skip to main content
SpringerLink
Log in
Book cover

International Workshop on Security and Trust Management

STM 2012: Security and Trust Management pp 49–64Cite as

Automated Analysis of Scenario-Based Specifications of Distributed Access Control Policies with Non-mechanizable Activities

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7783))

Abstract

The advance of web services technologies promises to have far-reaching effects on the Internet and enterprise networks allowing for greater accessibility of data. The security challenges presented by the web services approach are formidable. In particular, access control solutions should be revised to address new challenges, such as the need of using certificates for the identification of users and their attributes, human intervention in the creation or selection of the certificates, and (chains of) certificates for trust management. With all these features, it is not surprising that analyzing policies to guarantee that a sensitive resource can be accessed only by authorized users becomes very difficult. In this paper, we present an automated technique to analyze scenario-based specifications of access control policies in open and distributed systems. We illustrate our ideas on a case study arising in the e-government area.

The work presented in this paper was supported by the FP7-ICT-2009-5 Project no. 257876, “SPaCIoS: Secure Provision and Consumption in the Internet of Services”, and by the “Automated Security Analysis of Identity and Access Management Systems (SIAM)” project funded by Provincia Autonoma di Trento in the context of the “Team 2009 - Incoming” COFUND action of the European Commission (FP7).

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Accorsi, R.: A security-aware simulation method for generating business process event logs. In: Symp. on Data-Driven Process Discovery and Analysis (2012)

    Google Scholar 

  2. Alberti, F., Armando, A., Ranise, S.: Efficient Symbolic Automated Analysis of Administrative Role Based Access Control Policies. In: 6th ASIACCS. ACM (2011)

    Google Scholar 

  3. Barletta, M., Calvi, A., Ranise, S., Viganò, L., Zanetti, L.: WSSMT: Towards the Automated Analysis of Security-Sensitive Services and Applications. In: Proc. 12th SYNASC, pp. 417–424. IEEE Computer Society (2010)

    Google Scholar 

  4. Barletta, M., Ranise, S., Viganò, L.: Verifying the Interplay of Authorization Policies and Workflow in Service-Oriented Architectures. In: Proc. SecureCom 2009, pp. 289–299. IEEE CS (2009), full version at http://arxiv.org/abs/0906.4570

  5. Barletta, M., Ranise, S., Viganò, L.: Automated Analysis of Scenario-based Specifications of Distributed Access Control Policies with Non-Mechanizable Activities, Extended Version (2012), http://arxiv.org/abs/1206.3180

  6. Becker, M.Y., Nanz, S.: The role of abduction in declarative authorization policies. In: Hudak, P., Warren, D.S. (eds.) PADL 2008. LNCS, vol. 4902, pp. 84–99. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  7. Becker, M.Y., Nanz, S.: A logic for state-modifying authorization policies. ACM Trans. Inf. Syst. Secur. 13(3) (2010)

    Google Scholar 

  8. Bertino, E., Crampton, J., Paci, F.: Access Control and Authorization Constraints for WS-BPEL. In: Proc. ICWS 2006, pp. 275–284. IEEE CS (2006)

    Google Scholar 

  9. Brightwell, G., Winkler, P.: Counting linear extensions is #P-complete. In: Proc. STOC, pp. 175–181. ACM (1991)

    Google Scholar 

  10. Diaper, D.: Task analysis for human-computer interaction. Prentice-Hall (1990)

    Google Scholar 

  11. Enderton, H.B.: A Mathematical Introduction to Logic. Academic Press (1972)

    Google Scholar 

  12. Gunter, E., Yasmeen, A., Gunter, C., Nguyen, A.: Specifying and analyzing workflows for automated identification and data capture. In: Proc. HICSS 2009, pp. 1–11. IEEE CS (2009)

    Google Scholar 

  13. Gurevich, Y., Neeman, I.: Dkal: Distributed-knowledge authorization language. In: Proceedings of CSF, pp. 149–162. IEEE CS (2008)

    Google Scholar 

  14. Gurevich, Y., Roy, A.: Operational Semantics for DKAL: Application and Analysis. In: Fischer-Hübner, S., Lambrinoudakis, C., Pernul, G. (eds.) TrustBus 2009. LNCS, vol. 5695, pp. 149–158. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  15. Hurlin, C., Kirchner, H.: Semi-automatic synthesis of security policies by invariant-guided abduction. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 157–175. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  16. Lamport, L., Schneider, F.B.: Pretending atomicity. Technical report. In: Research Report 44, Digital Equipment Corporation Systems Research (1989)

    Google Scholar 

  17. Li, N., Mitchell, J.C.: DATALOG with constraints: A foundation for trust management languages. In: Dahl, V. (ed.) PADL 2003. LNCS, vol. 2562, pp. 58–73. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  18. Li, N., Tripunitara, M.V.: Security analysis in role-based access control. ACM Trans. Inf. Syst. Secur. 9, 391–420 (2006)

    Article  Google Scholar 

  19. Li, N., Winsborough, W.H., Mitchell, J.C.: Distributed credential chain discovery in trust management. Journal of Computer Security 11(1), 35–86 (2003)

    Google Scholar 

  20. Pruesse, G., Ruskey, F.: Generating Linear Extensions Fast. SIAM J. Comp. 23(2), 373–386 (1994)

    Article  MathSciNet  MATH  Google Scholar 

  21. Ranise, S.: On the Verification of Security-Aware E-services. Journal of Symbolic Computation 47, 1066–1088 (2012)

    Article  MathSciNet  MATH  Google Scholar 

  22. Rudolph, E., Graubmann, P., Grabowski, J.: Tutorial on message sequence charts. Computer Networks and ISDN Systems 28(12), 1629–1641 (1996)

    Article  Google Scholar 

  23. Shin, D., Wysk, R., Rothrock, L.: Formal model of human material-handling tasks for control of manufacturing systems. IEEE Transactions on Systems, Man and Cybernetics, Part A: Systems and Humans 36(4), 685–696 (2006)

    Article  Google Scholar 

  24. Tan, K., Crampton, J., Gunter, C.: The consistency of task-based authorization constraints in workflow. In: Proc. CSF, pp. 155–169. IEEE CS (2004)

    Google Scholar 

  25. Yasmeen, A., Gunter, E.: Automated framework for formal operator task analysis. In: Proc.  ISSTA 2011 (2011)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Dipartimento di Informatica, Università di Verona, Italy

    Michele Barletta & Luca Viganò

  2. FBK-Irst, Trento, Italy

    Silvio Ranise

Authors
  1. Michele Barletta
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Silvio Ranise
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Luca Viganò
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Informatics, University of Oslo, P.O.Box 1080, 0316, Blindern, Oslo, Norway

    Audun Jøsang

  2. Dipartimento di Informatica, Università degli Studi di Milano, Via Bramante, 65, 26013, Crema, CR, Italy

    Pierangela Samarati

  3. National Research Center(CNR), Institute of Informatics and Telematics(IIT), Via G. Moruzzi, 1, 56124, Pisa, Italy

    Marinella Petrocchi

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Barletta, M., Ranise, S., Viganò, L. (2013). Automated Analysis of Scenario-Based Specifications of Distributed Access Control Policies with Non-mechanizable Activities. In: Jøsang, A., Samarati, P., Petrocchi, M. (eds) Security and Trust Management. STM 2012. Lecture Notes in Computer Science, vol 7783. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38004-4_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-38004-4_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38003-7

  • Online ISBN: 978-3-642-38004-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation