Specification and verification of security requirements in a programming model for decentralized CSCW systems

ACM Transactions on Information and System Security

Volumn 10, Issue 2, 2007, Pages

  Ahmed, Tanvir ^a,b   Tripathi, Anand R ^a,b  

^a UNIVERSITY OF MINNESOTA   (United States)

^b University of Minnesota   (United States)

Author keywords

Finite state based model checking; Methodology for access control policy design; Role based access control; Security policy specification

Indexed keywords

ACCESS-CONTROL POLICY DESIGN; DYNAMIC SECURITY; ROLE BASED ACCESS CONTROL; SECURITY POLICY SPECIFICATION; TASK FLOW CONSTRAINTS;

ACCESS CONTROL; DATA FLOW ANALYSIS; MATHEMATICAL MODELS; MODEL CHECKING; PUBLIC POLICY;

COMPUTER PROGRAMMING;

EID: 34249723796     PISSN: 10949224     EISSN: 15577406     Source Type: Journal    
DOI: 10.1145/1237500.1237503     Document Type: Article

References (46)

1. AHMED, T. 2004. Policy-Based Design of Secure Distributed Collaboration Systems. Ph.D. thesis, University of Minnesota. Available at http://www.cs.umn.edu/Ajanta/publications.html.
2. AHMED, T. AND TRIPATHI, A. R. 2003. Static verification of security requirements in role based CSCW systems. In Proceedings of 8th ACM Symposium on Access Control Models and Technologies (SACMAT 2003). ACM, New York. 196-203.
3. AHN, G.-J. AND SANDHU, R. 2000. Role-based authorization constraints specification. ACM Transactions on Information and System Security 3, 4 (Nov.), 207-226.
4. ATLURI, V. AND HUANG, W.-K. 1996. An authorization model for workflows. In Proceedings of the Fourth European Symposium on Research in Computer Security. Springer-Verlag LNCS Volume 1146, London, UK, 44-64.
5. BACON, J., MOODY, K., AND YAO, W. 2002. A model of OASIS role-based access control and its support for active security. ACM Transactions on Information and System Security 5, 4 (Nov.), 492-540.
6. BERTINO, E., FERRARI, E., AND ATLURI, V. 1999. The specification and enforcement of authorization constraints in workflow management systems. ACM Transactions on Information and System Security 2, 1 (Feb.), 65-104.
7. BERTINO, E., BONATTI, P. A., AND FERRARI, E. 2001. TRBAC: A temporal role-based access control model. ACM Transactions on Information and System Security 4, 3 (Aug.), 191-223.
8. BHATTI, R., GHAFOOR, A., BERTINO, E., AND JOSHI, J. 2005. X-GTRBAC: An XML-based policy specification framework and architecture for enterprise-wide access control. ACM Transactions on Information and System Security 8, 2 (May), 187-227.
9. CAMPBELL, R. H. AND HABERMANN, A. N. 1974. The specification of process synchronization by path expressions. In Operating Systems, International Symposium, Rocquencourt. Lecture Notes in Computer Science vol.16, Springer Verlag, London, UK.
10. CORTS, M. AND MISHRA, P. 1996. DCWPL: A programming language for describing collaborative work. In. Proceedings of CSCW'96. ACM, New York. 21-29.
11. CRAMPTON, J. 2003. Specifying and enforcing constraints in role-based access control. In Proceedings of 8th ACM Symposium on Access Control Models and Technologies (SACMAT 2003). ACM, New York. 43-50.
12. CRAMPTON, J. 2004. An algebraic approach to the analysis of constrained workflow systems. In Proceedings of 3rd Workshop on Foundations of Computer Security. 61-74.
13. CRAMPTON, J. AND LOIZOU, G. 2003. Administrative scope: A foundation for role-based administrative models. ACM Transactions on Information and System. Security 6, 2 (May), 201-231.
14. DEMURJIAN, S., TING, T., AND THURAISINGHAM, B. 1993. User-role based security for collaborative computing environments. Multimedia Review 4, 2 (Summer), 40-47.
15. ESHUIS, R. AND WIERINGA, R. 2002. Verification support for workflow design with UML activity graphs. In Proceedings of International Conference on Software Engineering. ACM, New York. 166-176.
16. GIURI, L. AND IGLIO, P. 1997. Role templates for content-based access control. In Proceedings of the Second ACM Workshop on Role-Based Access Control. ACM, New York. 153-159.
17. GREIF, I. AND SARIN, S. 1987. Data sharing in group work. ACM Transactions on Information Systems 6, 2, 187-211.
18. HANSEN, F. AND OLESHCHUK, V. A. 2005. Conformance checking of RBAC policy and its implementation. In First Information Security Practice and Experience Conference (ISPEC 2005). 144-155.
19. HOLZMANN, G. J. 2003. SPIN Model Checker, The: Primer and Reference Manual. Addison Wesley Professional, New York.
20. HUANG, W.-K. AND ATLURI, V. 1999. SecureFlow: A secure web-enabled workflow management system. In ACM Workshop on Role-Based Access Control. ACM, New York. 83-94.
21. JAEGER, T. AND TIDSWELL, J. E. 2001. Practical safety in flexible access control models. ACM Transactions on Information and System Security 4, 2 (May), 158-190.
22. JAJODIA, S., SAMARATI, P., AND SUBRAHMANIAN, V. S. 1997. A logical language for expressing authorizations. In IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Los Alamitos, CA. 31-42.
23. JANSSEN, W., MATEESCU, R., MAUW, S., AND SPRINGINTVELD, J. 1998. Verifying business processes using Spin. In Proceedings of 4th International SPIN Workshop.
24. KOCH, M., MANCINI, L. V., AND PARISI-PHESICCE, F. 2002. A graph-based formalism for RBAC. ACM Transactions on Information and System Security 5, 3 (Aug.), 332-365.
25. KOTONYA, G. AND SOMMERVILLE, I. 1998. Requirements Engineering: Processes and Techniques. Wiley, New York.
26. LI, D. AND MUNTZ, R. 1998. COCA: Collaborative objects coordination architecture. In Proceedings of CSCW'98. ACM, New York. 179-188.
27. LI, N., MITCHELL, J. C., AND WINSBOROUGH, W. H. 2002. Design of a role-based trust management framework. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos, CA. 114-130.
28. LI, N., WINSBOROUGH, W. H., AND MITCHELL, J. 2003. Beyond proof-of-compliance: Safety and availability analysis in trust management. In Proceedings of the 2003 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Los Alamitos, CA. 123-139.
29. LUPU, E. C. AND SLOMAN, M. 1997. Reconciling role-based management and role-based access control. In ACM Workshop on Role-based Access Control. ACM, New York. 135-141.
30. MAGGI, P. AND SISTO, R. 2002. Using SPIN to verify security protocols. In Proceedings of 9th Int. SPIN Workshop on Model Checking of Software, LNCS 2318. 187-204.
31. MYERS, A. C. AND LISKOV, B. 2000. Protecting privacy using the decentralized label model. ACM Transactions on Software Engineering and Methodology 9, 4, 410-442.
32. NYANCHAMA, M. AND OSBORN, S. 1999. The role graph model and conflict of interest. ACM Transaction on Information System Security 2, 1 (Feb.), 3-33.
33. OH, S. AND SANDHU, R. 2002. A model for role administration using organization structure. In ACM Symposium on Access Control Models and Technologies. ACM, New York. 155-162.
34. OSBORN, S. L. 2002. Information flow analysis of an RBAC system. In ACM Symposium on Access Control Models and Technologies. ACM, New York. 163-168.
35. REITER, M. AND GONG, L. 1995. Securing causal relationships in distributed systems. The Computer Journal 38, 8, 633-642.
36. ROBERTS, P. AND VERJUS, J.-P. 1977. Towards autonomous descriptions of synchronization modules. In Proceedings of IFIP Congress. North-Holland, Amsterdam. 981-986.
37. SAMPEMANE, G., NALDURG, P., AND CAMPBELL, R. H. 2002. Access control for active spaces. In Proceedings of the 18th Annual Computer Security Applications Conference. 343-352.
38. SANDHU, R. S. 1988. Transaction control expressions for separation of duties. In Fourth Annual Computer Security Application Conference. 282-286.
39. SANDHU, R., BHAMIDIPATI, V., AND MUNAWER, Q. 1999. The ARBAC97 model for role-based administration of roles. ACM Transactions on Information and System Security 2, 1 (Feb.), 105-135.
40. SANDHU, R., COYNE, E., FEINSTEIN, H., AND YOUMAN, C. 1996. Role-based access control models. IEEE Computer 29, 2 (Feb.), 38-47.
41. SANDHU, R., FERRAIOLO, D., AND KUHN, R. 2000. The NIST model for role-based access control: towards a unified standard. In Proceedings of the Fifth ACM Workshop on Role-Based Access Control. ACM, New York. 47-63.
42. SIMON, R. AND ZURKO, M. 1997. Separation of duty in role-based environments. In 10th Computer Security Foundations Workshop. IEEE Computer Society Press, Los Alamitos, CA. 183-194.
43. THOMAS, R. K. 1997. Team-based access control (TMAC): A primitive for applying role-based access controls in collaborative environments. In ACM Workshop on Role-based Access Control. ACM, New York. 13-19.
44. TRIPATHI, A., AHMED, T., KUMAR, R., AND JAMAN, S. 2002. Design of a policy-driven middleware for secure distributed collaboration. In Proceedings of International Conference on Distributed Computing Systems 2002. IEEE Computer Society Press, Los Alamitos, CA. 393-400.
45. TRIPATHI, A., AHMED, T., AND KUMAR, R. 2003. Specification of secure distributed collaboration systems. In IEEE International Symposium on Autonomous Distributed Systems. IEEE Computer Society Press, Los Alamitos, CA. 149-156.
46. ZAKINTHINOS, A. AND LEE, E. 1997. A general theory of security properties. In IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Los Alamitos, CA. 94-102.