
A declarative two-level framework to specify and verify workflow and authorization policies in service-oriented architectures

  • Original Research Paper
  • Service Oriented Computing and Applications

Abstract

The specification of distributed service-oriented applications spans several levels of abstraction, e.g., the protocol for exchanging messages, the set of interface functionalities, the types of the manipulated data, the workflow, the access policy, etc. Many (even executable) specification languages are available to describe each level in isolation. However, these levels may interact in subtle ways (for example, the control flow may depend on the values of some data variables), so that a precise abstraction of the application amounts to more than the sum of its per-level components. This problem is even more acute in the design phase, when automated analysis techniques may greatly help designers with the difficult task of building “correct” applications. To alleviate this kind of problem, this paper introduces a framework for the formal specification and automated analysis of distributed service-oriented applications at two levels: one for the workflow and one for the authorization policies. The former allows one to precisely describe the control and data parts of an application together with their mutual dependencies. The latter focuses on the specification of the criteria for granting or denying third-party applications the possibility to access shared resources or to execute certain interface functionalities. These two levels can be seen as abstractions of one or several of the levels of specification mentioned above. The novelty of our proposal is the possibility to unambiguously specify the (often subtle) interplay between the workflow and policy levels uniformly in the same framework. Additionally, our framework allows us to define and investigate verification problems for service-oriented applications (such as executability and invariant checking) and to give sufficient conditions for their decidability. These results are non-trivial because their scope of applicability goes well beyond the case of finite state spaces, allowing for applications that manipulate variables ranging over infinite domains. As a proof of concept, we show the suitability and flexibility of our approach on two quite different examples inspired by industrial case studies.
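To make the two levels and the two verification problems concrete, here is an added toy model, not code from the paper or its authors: a purchase-order workflow whose control flow depends on a data variable (the order amount), paired with an authorization policy that consults the workflow history (a separation-of-duty rule between submitting and approving). A breadth-first exploration over a finite abstraction of the data domain decides executability (is the final task reachable at all?) and checks an invariant (no high-value order is paid unless someone other than its submitter approved it). All users, roles, amounts and rules are constructed for illustration; the paper's framework reasons symbolically over infinite domains, which this brute-force exploration does not.

```python
"""Added toy two-level model: workflow (control + data) and authorization
policy, explored exhaustively to check executability and an invariant.
Every user, role, amount and rule below is constructed for illustration."""
from collections import deque
from dataclasses import dataclass, replace
from typing import Callable, Optional, Tuple

USERS = ("alice", "bob")                                  # constructed users
ROLES = {"alice": {"clerk", "manager"}, "bob": {"manager"}}
AMOUNTS = (100, 5000)          # finite abstraction of the (in reality unbounded) amount
LIMIT = 1000                   # orders above this need an explicit manager approval


@dataclass(frozen=True)
class State:
    loc: str                                  # control location of the workflow
    amount: Optional[int]                     # data variable, set by 'submit'
    done: Tuple[Tuple[str, str], ...]         # history of (task, user) pairs


Policy = Callable[[str, str, State], bool]


def executed_by(task: str, s: State) -> Optional[str]:
    """Who performed `task` in this run, or None if nobody has yet."""
    return next((u for t, u in s.done if t == task), None)


# Policy level. The static policy looks only at roles; the dynamic one also
# reads the workflow history (separation of duty between submit and approve).
def static_policy(user: str, task: str, s: State) -> bool:
    need = {"submit": "clerk", "approve": "manager", "pay": "clerk"}
    return need[task] in ROLES[user]


def sod_policy(user: str, task: str, s: State) -> bool:
    if task == "approve" and executed_by("submit", s) == user:
        return False                          # the submitter may not approve own order
    return static_policy(user, task, s)


# Workflow level: each task is guarded by the control location, the data,
# and the policy's verdict for the acting user.
def successors(s: State, policy: Policy):
    if s.loc == "submitted" and s.amount <= LIMIT:
        yield replace(s, loc="approved")      # low amount: auto-approved, no user acts
        return
    for user in USERS:
        if s.loc == "start":
            for a in AMOUNTS:                 # 'submit' nondeterministically picks the amount
                if policy(user, "submit", s):
                    yield State("submitted", a, s.done + (("submit", user),))
        elif s.loc == "submitted" and policy(user, "approve", s):   # amount > LIMIT here
            yield replace(s, loc="approved", done=s.done + (("approve", user),))
        elif s.loc == "approved" and policy(user, "pay", s):
            yield replace(s, loc="paid", done=s.done + (("pay", user),))


def invariant(s: State) -> bool:
    """A paid high-value order must have an approver distinct from its submitter."""
    if s.loc != "paid" or s.amount <= LIMIT:
        return True
    return executed_by("approve", s) not in (None, executed_by("submit", s))


def explore(policy: Policy):
    """BFS over the finite state space; returns (reachable states, first violation or None)."""
    init = State("start", None, ())
    seen, queue, violation = {init}, deque([init]), None
    while queue:
        s = queue.popleft()
        if violation is None and not invariant(s):
            violation = s
        for n in successors(s, policy):
            if n not in seen:
                seen.add(n)
                queue.append(n)
    return seen, violation


def executable(policy: Policy, target: str = "paid") -> bool:
    """Executability: can the workflow reach `target` under this policy at all?"""
    return any(s.loc == target for s in explore(policy)[0])


def invariant_holds(policy: Policy) -> bool:
    return explore(policy)[1] is None


if __name__ == "__main__":
    for name, pol in (("static", static_policy), ("sod", sod_policy)):
        reach, bad = explore(pol)
        print(f"{name}: {len(reach)} states, executable={executable(pol)}, "
              f"invariant={'ok' if bad is None else 'VIOLATED by ' + str(bad.done)}")
```

Under the role-only policy the exploration finds a run in which alice (who holds both roles) submits, approves and pays a 5000 order herself, so the invariant fails even though every single step was authorized; under the separation-of-duty policy the same workflow remains executable (bob approves, alice pays) and the invariant holds. That is the interplay the abstract refers to: neither the workflow nor the policy is wrong on its own, only their combination is.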

Corresponding author

Correspondence to Luca Viganò.

Additional information

Part of this work was carried out while S. Ranise was employed at the Department of Computer Science of the University of Verona.

About this article

Cite this article

Barletta, M., Ranise, S. & Viganò, L. A declarative two-level framework to specify and verify workflow and authorization policies in service-oriented architectures. SOCA 5, 105–137 (2011). https://doi.org/10.1007/s11761-010-0073-4
