Abstract
We present, in this paper, a role-based model for programming distributed CSCW systems. This model supports specification of dynamic security and coordination requirements in such systems. We also present here a model-checking methodology for verifying the security properties of a design expressed in this model. The verification methodology presented here is used to ensure correctness and consistency of a design specification. It is also used to ensure that sensitive security requirements cannot be violated when policy enforcement functions are distributed among the participants. Several aspect-specific verification models are developed to check security properties, such as task-flow constraints, information flow, confidentiality, and assignment of administrative privileges.
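The abstract describes model checking a role-based collaboration design for task-flow and separation-of-duty properties, with particular attention to designs in which policy enforcement is distributed among the participants. The following Python is an added illustration written for this page; it is not the authors' model or any of their verification models. The users, roles, three-step task flow and separation-of-duty requirement are constructed for the example, and the checker is a plain breadth-first enumeration of reachable states. Two variants of one design are checked: one in which the administrative (chair) role refuses role grants that would leave a user holding both 'author' and 'reviewer', and one in which that check is missing while the task actions still check only role membership.

```python
"""Exhaustive (explicit-state) check of a small role-based collaboration design.

Constructed example for this page: four users, three roles and a three-step
task flow (submit -> review -> accept).  The sensitive requirement is
separation of duty: the user who submits a document must never review it.
Enforcement is distributed across participants: the submit/review/accept
actions only check role membership, and the chair (the administrative role)
is expected to refuse any role grant that would leave one user holding both
'author' and 'reviewer'.  We enumerate every reachable state of two designs,
one whose administrative action omits that check and one that has it, and
report the first trace that violates the requirement, if any.
"""
from collections import deque

USERS = ("alice", "bob", "carol", "dave")       # constructed participants
ADMIN = "carol"                                 # carol permanently holds 'chair'
GRANTABLE = ("author", "reviewer")              # roles the chair may hand out
CONFLICT = frozenset(GRANTABLE)                 # static separation-of-duty pair

# A state is (assignments, history): assignments is a frozenset of (user, role),
# history a tuple of (task, user) in execution order.  Both are hashable, so a
# state can serve as a key in the visited map of the search below.
INITIAL = (frozenset({("alice", "author"), ("bob", "reviewer"), (ADMIN, "chair")}), ())


def has_role(assigns, user, role):
    return (user, role) in assigns


def successors(state, admin_enforces_sod):
    """Yield (action label, next state) for every action enabled in `state`."""
    assigns, history = state
    done = {task: user for task, user in history}
    for u in USERS:
        # Task-flow constraints: each task once, in the order submit -> review -> accept.
        if has_role(assigns, u, "author") and "submit" not in done:
            yield f"{u}:submit", (assigns, history + (("submit", u),))
        if has_role(assigns, u, "reviewer") and "submit" in done and "review" not in done:
            yield f"{u}:review", (assigns, history + (("review", u),))
        if has_role(assigns, u, "chair") and "review" in done and "accept" not in done:
            yield f"{u}:accept", (assigns, history + (("accept", u),))
        # Administrative action: the chair grants a role to another participant.
        if has_role(assigns, u, "chair"):
            for target in USERS:
                if target == ADMIN:
                    continue
                for role in GRANTABLE:
                    if has_role(assigns, target, role):
                        continue
                    new_assigns = assigns | {(target, role)}
                    held = {r for usr, r in new_assigns if usr == target}
                    if admin_enforces_sod and CONFLICT <= held:
                        continue          # corrected design: refuse the conflicting grant
                    yield f"{u}:grant {role} to {target}", (new_assigns, history)


def violates_sod(state):
    """The safety property: no single user both submitted and reviewed."""
    done = {task: user for task, user in state[1]}
    return "submit" in done and "review" in done and done["submit"] == done["review"]


def check(admin_enforces_sod):
    """Breadth-first search over all reachable states.

    Returns (number of reachable states, counterexample), where the
    counterexample is the shortest action sequence reaching a violating
    state, or None if the property holds in every reachable state.
    """
    parent = {INITIAL: None}            # state -> (predecessor, action label)
    queue = deque([INITIAL])
    first_bad = None
    while queue:
        state = queue.popleft()
        if first_bad is None and violates_sod(state):
            first_bad = state
        for label, nxt in successors(state, admin_enforces_sod):
            if nxt not in parent:
                parent[nxt] = (state, label)
                queue.append(nxt)
    if first_bad is None:
        return len(parent), None
    trace, state = [], first_bad
    while parent[state] is not None:
        state, label = parent[state]
        trace.append(label)
    return len(parent), trace[::-1]


def replay(trace, admin_enforces_sod):
    """Re-execute a counterexample from INITIAL and return the final state."""
    state = INITIAL
    for label in trace:
        state = dict(successors(state, admin_enforces_sod))[label]
    return state


if __name__ == "__main__":
    for enforces in (False, True):
        count, cex = check(enforces)
        print(f"chair enforces static SoD: {str(enforces):5} | "
              f"reachable states: {count:4} | counterexample: {cex}")
```

Run stand-alone, the flawed variant yields a three-step trace in which the chair grants 'reviewer' to an author who then submits and reviews the same document, while the corrected variant explores a strictly smaller state space with no violating state. The `replay` function re-executes a reported trace against the same transition relation, which is the check a practitioner wants before trusting a counterexample produced by the search.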
Index Terms
- Specification and verification of security requirements in a programming model for decentralized CSCW systems