Abstract
Distributed Collaborative Editors are interactive systems in which several dispersed users concurrently edit shared documents. Generally, these systems rely on data replication and use a safe coordination protocol that ensures data consistency even though the users' updates are executed in different orders on different copies. Controlling access in such systems is a challenging problem, since they require dynamic access changes and low-latency access to shared documents. In [1], a flexible access control protocol is proposed; it is based on replicating the shared document and its authorization policy in the local memory of each user. To cope with latency and dynamic access changes, an optimistic access control technique is used in which authorizations are enforced retroactively. However, verifying whether the combination of the access control and coordination protocols preserves data consistency is a hard task, since it requires examining a large number of situations. In this paper, we specify this access control protocol in first-order relational logic with Alloy, and we verify that it preserves the correctness of the system on which it is deployed: the access control policy is enforced identically at all participating user sites and, accordingly, data consistency is still maintained.
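The following Python simulation is an added illustration of the optimistic, retroactively enforced policy the abstract describes; it is not the paper's Alloy model nor code from [1]. It assumes a single administrator who only issues write revocations, and it abstracts the coordination protocol away by keeping the document as a set of lines keyed by unique ids, so that delivery order alone cannot cause divergence and only the access-control layer is exercised. Site names, user names, policy versions and the scenario are constructed.

```python
"""Optimistic access control with retroactive enforcement on a replicated
document (added example; not the paper's model or code).

Assumptions, all constructed for illustration:
- every site holds a copy of the document AND of the authorization policy;
- a single administrator issues policy changes, here only write revocations;
- the document is a set of lines keyed by a unique id, so remote operations
  commute and delivery order cannot by itself cause divergence.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Union


@dataclass(frozen=True)
class Insert:
    user: str
    line_id: str          # globally unique: "<user>:<site>:<local seq>"
    text: str
    policy_version: int   # version of the policy copy at the issuing site


@dataclass(frozen=True)
class Revoke:
    admin: str
    user: str
    version: int          # policy version that results from this revocation


class Site:
    def __init__(self, name: str, writers: Set[str], admin: str) -> None:
        self.name = name
        self.admin = admin
        self.writers: Set[str] = set(writers)   # local policy copy
        self.policy_version = 0
        self.revoked_at: Dict[str, int] = {}   # user -> version of revocation
        self.lines: Dict[str, Insert] = {}     # local document copy
        self.seq = 0

    def local_insert(self, user: str, text: str) -> Optional[Insert]:
        """Optimistic check: consult the local policy copy only, no round trip."""
        if user not in self.writers:
            return None
        self.seq += 1
        op = Insert(user, f"{user}:{self.name}:{self.seq}", text, self.policy_version)
        self.lines[op.line_id] = op
        return op

    def local_revoke(self, admin: str, user: str) -> Optional[Revoke]:
        if admin != self.admin:
            return None
        op = Revoke(admin, user, self.policy_version + 1)
        self._apply_revoke(op)
        return op

    def receive(self, op: Union[Insert, Revoke]) -> bool:
        """Apply an operation generated at another site; False if rejected."""
        if isinstance(op, Revoke):
            self._apply_revoke(op)
            return True
        rev = self.revoked_at.get(op.user)
        if rev is not None and op.policy_version < rev:
            # Issued under a policy copy older than a revocation this site
            # already knows about: unauthorized, so never applied here.
            return False
        self.lines[op.line_id] = op
        return True

    def _apply_revoke(self, op: Revoke) -> None:
        self.writers.discard(op.user)
        self.policy_version = max(self.policy_version, op.version)
        self.revoked_at[op.user] = min(self.revoked_at.get(op.user, op.version), op.version)
        # Retroactive enforcement: writes by the revoked user that were
        # optimistically applied under an older policy copy are undone.
        for line_id, ins in list(self.lines.items()):
            if ins.user == op.user and ins.policy_version < op.version:
                del self.lines[line_id]

    def render(self) -> List[str]:
        return [self.lines[k].text for k in sorted(self.lines)]


def scenario() -> dict:
    """Revocation at site A concurrent with a write by the revoked user at B."""
    a = Site("A", {"alice", "bob"}, admin="alice")
    b = Site("B", {"alice", "bob"}, admin="alice")
    rev = a.local_revoke("alice", "bob")            # A: bob loses write right
    bob_op = b.local_insert("bob", "bob's line")    # B: still allowed locally
    alice_op = a.local_insert("alice", "alice's line")
    optimistic_view_at_b = b.render()               # bob's line visible at B for now
    # Deliver the concurrent operations in a different order at each site.
    b.receive(rev)                      # B learns of the revocation: bob's line undone
    b.receive(alice_op)
    rejected_at_a = not a.receive(bob_op)           # A never applies the stale write
    return {
        "optimistic_view_at_b": optimistic_view_at_b,
        "rejected_at_a": rejected_at_a,
        "doc_a": a.render(),
        "doc_b": b.render(),
        "bob_can_write_at_b": b.local_insert("bob", "again") is not None,
    }


if __name__ == "__main__":
    print(scenario())
```

The scenario is the situation the abstract singles out: both sites end with the same document and the same policy even though the revocation and the revoked user's write were issued concurrently and delivered in opposite orders. The check that is hard to do by hand, and that the paper delegates to Alloy, is that this holds for every interleaving, not just the one traced here.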
This work is supported by grant number 138732 awarded by the Fonds de Recherche du Québec - Nature et Technologies (FQRNT-Équipe).
References
Imine, A., Cherif, A., Rusinowitch, M.: A Flexible Access Control Model for Distributed Collaborative Editors. In: Jonker, W., Petković, M. (eds.) SDM 2009. LNCS, vol. 5776, pp. 89–106. Springer, Heidelberg (2009)
Ellis, C.A., Gibbs, S.J.: Concurrency Control in Groupware Systems. In: SIGMOD Conference, vol. 18, pp. 399–407 (1989)
Sun, C., Jia, X., Zhang, Y., Yang, Y., Chen, D.: Achieving Convergence, Causality-preservation and Intention-preservation. In: Real-time Cooperative Editing Systems, pp. 63–108. ACM, New York (1998)
Sun, C., Xia, S., Sun, D., Chen, D., Shen, H., Cai, W.: Transparent Adaptation of Single-user Applications for Multi-user Real-time Collaboration. ACM Trans. Comput.-Hum. Interact. 13(4), 531–582 (2006)
Tolone, W., Ahn, G.J., Pai, T., Hong, S.P.: Access Control in Collaborative Systems. ACM Comput. Surv. 37(1), 29–41 (2005)
Povey, D.: Optimistic security: a new access control paradigm. In: Proceedings of the 1999 Workshop on New Security Paradigms, NSPW 1999, pp. 40–45. ACM, New York (2000)
Holzmann, G.J.: The Spin Model Checker: Primer and Reference Manual. Addison-Wesley (2004)
Cimatti, A., Clarke, E., Giunchiglia, F., Roveri, M.: NUSMV: A New Symbolic Model Checker. International Journal on Software Tools for Technology Transfer 2(4), 410–425 (2000)
Schaeffer-Filho, A., Lupu, E., Sloman, M., Eisenbach, S.: Verification of Policy-Based Self-Managed Cell Interactions Using Alloy. In: IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2009, pp. 37–40 (2009)
Frappier, M., Fraikin, B., Chossart, R., Chane-Yack-Fa, R., Ouenzar, M.: Comparison of Model Checking Tools for Information Systems. In: Dong, J.S., Zhu, H. (eds.) ICFEM 2010. LNCS, vol. 6447, pp. 581–596. Springer, Heidelberg (2010)
MIT Software Design Group: Alloy: a language and tool for relational models, http://alloy.mit.edu/alloy/ (accessed May 5, 2013)
Woodcock, J., Davies, J.: Using Z: Specification, Refinement, and Proof. Prentice Hall (1996)
Carnegie Mellon University: The SMV System, http://www.cs.cmu.edu/~modelcheck/smv.html (accessed May 5, 2013)
Jackson, D.: Software Abstractions: Logic, Language, and Analysis. The MIT Press (2006)
Pai, S., Sharma, Y., Kumar, S., Pai, R.M., Singh, S.: Formal Verification of OAuth 2.0 Using Alloy Framework. In: 2011 International Conference on Communication Systems and Network Technologies (CSNT), pp. 655–659 (2011)
Le Berre, D., Parrain, A.: The Sat4j Library, Release 2.2. Journal on Satisfiability, Boolean Modeling and Computation 7, 59–64 (2010), System description
Boolean Satisfiability Research Group at Princeton: zChaff, http://www.princeton.edu/~chaff/zchaff.html (accessed May 5, 2013)
Eén, N., Sörensson, N.: MiniSat, The MiniSat Page, http://minisat.se/ (accessed May 5, 2013)
Torlak, E., Dennis, G.: Kodkod for Alloy users. In: First ACM Alloy Workshop (2006)
Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-Based Access Control Models. Computer 29(2), 38–47 (1996)
Joshi, J.B.D., Bhatti, R., Bertino, E., Ghafoor, A.: Access-Control Language for Multidomain Environments. IEEE Internet Computing 8(6), 40–50 (2004)
Piromruen, S., Joshi, J.B.D.: An RBAC Framework for Time Constrained Secure Interoperation in Multi-Domain Environments. In: 10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems, WORDS 2005, pp. 36–45 (2005)
Lee, H.K., Luedemann, H.: Lightweight Decentralized Authorization Model for Inter-Domain Collaborations. In: Proceedings of the 2007 ACM Workshop on Secure Web Services, SWS 2007, pp. 83–89. ACM, New York (2007)
Samarati, P., Ammann, P., Jajodia, S.: Maintaining Replicated Authorizations in Distributed Database Systems. Data & Knowledge Engineering 18(1), 55–84 (1996)
Xin, T., Ray, I.: A Lattice-Based Approach for Updating Access Control Policies in Real-time. Inf. Syst. 32(5), 755–772 (2007)
Hu, H., Ahn, G.: Enabling Verification and Conformance Testing for Access Control Model. In: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, SACMAT 2008, pp. 195–204. ACM, New York (2008)
Samuel, A., Ghafoor, A., Bertino, E.: A framework for specification and verification of generalized spatio-temporal role based access control model. Technical report, Purdue University (2007)
Toahchoodee, M., Ray, I., Anastasakis, K., Georg, G., Bordbar, B.: Ensuring Spatio-temporal Access Control for Real-world Applications. In: Proceedings of the 14th ACM Symposium on Access Control Models and Technologies, SACMAT 2009, pp. 13–22. ACM, New York (2009)
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Randolph, A., Imine, A., Boucheneb, H., Quintero, A. (2013). Specification and Verification Using Alloy of Optimistic Access Control for Distributed Collaborative Editors. In: Pecheur, C., Dierkes, M. (eds) Formal Methods for Industrial Critical Systems. FMICS 2013. Lecture Notes in Computer Science, vol 8187. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41010-9_13
DOI: https://doi.org/10.1007/978-3-642-41010-9_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-41009-3
Online ISBN: 978-3-642-41010-9