Static verification of security requirements in role based CSCW systems

Proceedings of ACM Symposium on Access Control Models and Technologies (SACMAT 2002)

Volumn , Issue , 2003, Pages 196-203

  Ahmed, Tanvir ^a   Tripathi, Anand R ^a  

^a University of Minnesota   (United States)

Author keywords

Finite state based model checking; Methodology for access control policy design; Role based access control; Security policy specification

Indexed keywords

CONSTRAINT THEORY; DATA ACQUISITION; KNOWLEDGE BASED SYSTEMS; MATHEMATICAL MODELS; SECURITY OF DATA;

ROLE BASED ACCESS CONTROL; SECURITY POLICY SPECIFICATION; STATIC VERIFICATION;

COMPUTER SUPPORTED COOPERATIVE WORK;

EID: 0242709308     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/775412.775438     Document Type: Conference Paper

References (28)

1. J. Bacon, K. Moody, and W. Yao. A Model of OASIS Role-Based Access Control and its Support for Active Security. ACM Transactions on Information and System Security (TISSEC), 5(4):492 - 540, November 2002.
2. E. Bertino, E. Ferrari, and V. Atluri. A Flexible Model Supporting the Specification and Enforcement of Role-based Authorizations in Workflow Management Systems. In ACM Workshop on Role-based Access Control, pages 1-12, 1997.
3. R. H. Campbell and A. N. Habermann. The Specification of Process Synchronization by Path Expressions. In Operating Systems, International Symposium, Rocquencourt. Lecture Notes in Computer Science vol.16, Springer Verlag, April 1974.
4. S. Castano, P. Samarati, and C. Villa. Verifying System Security Using Petri Nets. In Security Technology, 1993. Security Technology, Proceedings. Institute of Electrical and Electronics Engineers 1993 International Carnahan Conference on, pages 244-250, Oct 1993.
5. J. C. Corbett, M. B. Dwyer, J. Hatcliff, S. Laubach, C. S. Pǎsǎreanu, Robby, and H. Zheng. Bandera: Extracting Finite-State Models from Java Source Code. In Proc. of ICSE'2000, pages 439 - 448, 2000.
6. D. E. R. Denning. Cryptography and Data Security. Addison-Wesley, 1982.
7. R. Eshuis and R. Wieringa. Verification Support for Workflow Design with UML Activity Graphs. In Proc. of ICSE'2002, pages 166 - 176, 2002.
8. S. Foley and J. Jacob. Specifying Security for Computer Supported Collaborative Computing. Journal of Computer Security, 3(4):233-253, 1995.
9. M. A. Harrison, W. L. Ruzzo, and J. D. Ullman. Protection in Operating Systems. Communications of the ACM, 19(8):461 - 471, August 1976.
10. G. J. Holzmann. The Model Checker SPIN. IEEE Transactions on Software Engineering, 23(5):279-295, May 1997.
11. T. Jaeger and J. E. Tidswell. Practical Safety in Flexible Access Control Models. ACM Transactions on Information and System Security (TISSEC), 4(2):158 - 190, May 2001.
12. W. Janssen, R. Mateescu, S. Mauw, and J. Springintveld. Verifying Business Processes using Spin. In Proc. of 4th International SPIN Workshop, 1998.
13. E. C. Lupu and M. Sloman. Reconciling Role-Based Management and Role-Based Access Control. In ACM Workshop on Role-based Access Control, pages 135-141, 1997.
14. P. Maggi and R. Sisto. Using SPIN to Verify Security Protocols. In Proc. of 9th Int. SPIN Workshop on Model Checking of Software, LNCS 2318, pages 187-204, 2002.
15. P. Muth, D. Wodtke, J. Weissenfels, G. Weikum, and A. Kotz Dittrich. Enterprise-wide Workflow Management based on State and Activity Charts, Workflow Management Systems and Interoperability in: A. Dogac, L. Kalinichenko, T. Ozsu, A. Sheth (Eds.):. Springer Verlag, 1998.
16. A. C. Myers and B. Liskov. A Decentralized Model for Information Flow Control. In Proceedings of the Sixteenth ACM Symposium on Operating Systems Principles, pages 129 - 142, 1997.
17. M. Nyanchama and S. Osborn. The Role Graph Model and Conflict of Interest. ACM Transaction on Information System Security, 2(1):3-33, February 1999.
18. S. L. Osborn. Information Flow Analysis of an RBAC System. In ACM Symposium on Access Control Models and Technologies, pages 163 - 168, 2002.
19. P. Roberts and J.-P. Verjus. Towards Autonomous Descriptions of Synchronization Modules. In Proc. of IFIP Congress, pages 981-986, 1977.
20. P. Ryan, J. McLean, J. Millen, and V. Gligor. Non-interference, who needs it? In 14th IEEE Computer Security Foundations Workshop, pages 237-238, 2001.
21. R. Sandhu. The Typed Access Matrix Model. In IEEE Computer Society Symposium on Research in Security and Privacy, pages 122 - 136, 1992.
22. R. Sandhu, E. Coyne, H. Feinstein, and C. Youman. Role-Based Access Control Models. IEEE Computer, 29(2):38-47, February 1996.
23. L. Snyder. Formal Models of Capability-Based Protection Systems. IEEE Transactions on Computers, C-30(3):172 - 181, March 1981.
24. R. K. Thomas. Team-based Access Control (TMAC): A Primitive for Applying Role-based Access Controls in Collaborative Environments. In ACM Workshop on Role-based Access Control, pages 13 - 19, 1997.
25. R. K. Thomas and R. S. Sandhu. Conceptual Foundations for a Model of Task-based Authorizations. In IEEE Computer Security Foundations Workshop, pages 66-79, 1994.
26. A. Tripathi, T. Ahmed, and R. Kumar. Specification of Secure Distributed Collaboration Systems. In IEEE International Symposium on Autonomous Distributed Systems (ISADS), April 2003.
27. A. Tripathi, T. Ahmed, R. Kumar, and S. Jaman. Design of a Policy-Driven Middleware for Secure Distributed Collaboration. In Proc. of International Conference on Distributed Computing Systems 2002, pages 393 - 400, July 2002.
28. A. Zakinthinos and E. Lee. A General Theory of Security Properties. In IEEE Symposium on Security and Privacy, pages 94 - 102, 1997.