DocumentCode
2867562
Title
Integrated Specification and Verification of Security Protocols and Policies
Author
Frau, Simone ; Torabi-Dashti, Mohammad
Author_Institution
ETH Zurich, Zurich, Switzerland
fYear
2011
fDate
27-29 June 2011
Firstpage
18
Lastpage
32
Abstract
We propose a language for formal specification of service-oriented architectures. The language supports the integrated specification of communication level events, policy level decisions, and the interaction between the two. We show that the reach ability problem is decidable for a fragment of service-oriented architectures. The decidable fragment is well suited for specifying, and reasoning about, security-sensitive architectures. In the decidable fragment, the attacker controls the communication media. The policies of services are centered around the trust application and trust delegation rules, and can also express RBAC systems with role hierarchy. The fragment is of immediate practical relevance: We report on the specification and verification of two security-sensitive architectures, stemming from the e-government and e-health domains.
Keywords
authorisation; cryptographic protocols; formal specification; formal verification; government policies; service-oriented architecture; RBAC systems; e-government; e-health domains; formal specification; formal verification; policy level decisions; security protocols; security-sensitive architectures; service-oriented architectures; trust application; trust delegation; Authorization; Computer architecture; Engines; Protocols; Public key; Service oriented architecture; Access control; Decidability; Formal methods; Security protocols; Trust management;
fLanguage
English
Publisher
ieee
Conference_Titel
Computer Security Foundations Symposium (CSF), 2011 IEEE 24th
Conference_Location
Cernay-la-Ville
ISSN
1940-1434
Print_ISBN
978-1-61284-644-6
Type
conf
DOI
10.1109/CSF.2011.9
Filename
5992152
Link To Document