Zhang Yuan,Sun Meng

DOI: https://doi.org/10.1109/ICSESS.2011.5982244

2011-01-01

Abstract:We use a scenario-based visual notation, called Policy Sequence Chart (PSC), for specifying security policies in service coordination. A security policy defines a set of security requirements that correspond to permissions, prohibitions and obligations to some executions when some contextual conditions are satisfied. In this paper, we propose an approach of defining operational semantics of PSCs in terms of constraint automata, which can be used as the semantic foundation for checking compliance between service coordination and the security policies.An

Sun Meng,Farhad Arbab

DOI: https://doi.org/10.1016/j.entcs.2009.10.028

2009-01-01

Electronic Notes in Theoretical Computer Science

Abstract:The complex interactions that appear in service-oriented computing make coordination a key concern in service-oriented systems. Over the past years, the need for high-confidence coordination mechanisms has intensified as new technologies have appeared for the development of service-oriented applications, making formalization of coordination mechanisms critical. Unifying Theories of Programming (UTP) provide a formal semantic foundation not only for programming languages but also for various expressive specification languages. A key concept in UTP is design: the familiar pre/post-condition pair that describes the contract. In this paper we use UTP to formalize Reo connectors, whereby connectors are interpreted by designs in UTP. This model can be used as a reference document for developing tool support for Reo, such as a test case generator. It can also be used as a semantic foundation for proving properties of connectors, such as equivalence and refinement relations between connectors.

Sun Meng,Farhad Arbab,Bernhard K. Aichernig,Lacramioara Astefanoaei,Frank S. de Boer,Jan Rutten

DOI: https://doi.org/10.1016/j.scico.2011.04.002

IF: 1.039

2012-01-01

Science of Computer Programming

Abstract:Over the past years, the need for high-confidence coordination mechanisms has intensified as new technologies have appeared for the development of service-oriented applications, making formalization of coordination mechanisms critical. Unifying Theories of Programming (UTP) provide a formal semantic foundation not only for programming languages but also for various expressive specification languages. A key concept in UTP is design: the familiar pre/post-condition pair that describes a contract. In this paper we use UTP to formalize Reo connectors, whereby connectors are interpreted as designs in UTP. This model can be used as a semantic foundation for proving properties of connectors, such as equivalence and refinement relations between connectors. Furthermore, it can be used as a reference document for developing tool support for Reo, such as test case generators. A fault-based method to generate test cases for component connectors from specifications is also provided in this paper. For connectors, faults are caused by possible errors during the development process, such as wrongly used channels, missing or redundant subcircuits, or circuits with wrongly constructed topology. We give test cases and connectors a unifying formal semantics by using the notion of design in UTP, and generate test cases by solving constraints obtained from a specification and a faulty implementation. A prototype serves to demonstrate the automatization of the approach.

CAO Dong-gang,MEI Hong,CAO Jian-nong

DOI: https://doi.org/10.1360/jos161378

2005-01-01

Journal of Software

Abstract:Connector is an important concept in software architecture design, but it doesn’t get explicit support from runtime. This paper describes the work on supporting user-defined connector in J2EE application server PKUAS. The PKUAS connector model takes advantage of the Aspect technology. A construct named Advice is used to model crosscutting concerns related to interaction behaviours. These advices are organized into connector and are invoked dynamically at runtime. At deployment time, PKUAS will generate a client-side connector object and publish it to a naming service. Application clients download the connector object to a local machine to manage the component interactions. Runtime connectors correspond well to those in the design time, thus narrowing the concept gap greatly. This flexible and modular approach effectively facilitates the separation of concerns.

Chen Jianfei,Han Weili

DOI: https://doi.org/10.3969/j.issn.1000-386X.2012.03.052

2012-01-01

Abstract:In Web Service composition,the access control policies are usually defined by external sub-services for protecting safe use of resources,while in composite scripts there are the complex control logic structure as well.These two factors make it extremely complicated for a system security administrator to specify the access control policies for composite services.In this paper we propose a condition-based access control policy model and the related policy composition algebra,and map the control structures familiar in WS-BPEL to corresponding policy composition expression,then construct the access control policies of the composite service based on the composition of access control policies of external sub-services.Finally,we design a prototype to depict the total process of policy composition.

James A. Hoagland,Raju Pandey,Karl N. Levitt

DOI: https://doi.org/10.48550/arXiv.cs/9809124

1998-10-01

Abstract:A security policy states the acceptable actions of an information system, as the actions bear on security. There is a pressing need for organizations to declare their security policies, even informal statements would be better than the current practice. But, formal policy statements are preferable to support (1) reasoning about policies, e.g., for consistency and completeness, (2) automated enforcement of the policy, e.g., using wrappers around legacy systems or after the fact with an intrusion detection system, and (3) other formal manipulation of policies, e.g., the composition of policies. We present LaSCO, the Language for Security Constraints on Objects, in which a policy consists of two parts: the domain (assumptions about the system) and the requirement (what is allowed assuming the domain is satisfied). Thus policies defined in LaSCO have the appearance of conditional access control statements. LaSCO policies are specified as expressions in logic and as directed graphs, giving a visual view of policy. LaSCO has a simple semantics in first order logic (which we provide), thus permitting policies we write, even for complex policies, to be very perspicuous. LaSCO has syntax to express many of the situations we have found to be useful on policies or, more interesting, the composition of policies. LaSCO has an object-oriented structure, permitting it to be useful to describe policies on the objects and methods of an application written in an object-oriented language, in addition to the traditional policies on operating system objects. A LaSCO specification can be automatically translated into executable code that checks an invocation of a program with respect to a policy. The implementation of LaSCO is in Java, and generates wrappers to check Java programs with respect to a policy.

Cryptography and Security

Farhad Arbab,Tom Chothia,Sun Meng,Young-Joo Moon

DOI: https://doi.org/10.1007/978-3-540-72794-1_16

2007-01-01

Abstract:Connectors have emerged as a powerful concept for composition and coordination of concurrent activities encapsulated as components and services. Compositional coordination models and languages serve as a means to formally specify and implement component and service connectors. They support large-scale distributed applications by allowing construction of complex component connectors out of simpler ones. Modelling, analysis, and ensuring end-to-end Quality of Service (QoS) represent key concerns in such large-scale distributed applications. In this paper we introduce a compositional model of QoS, called Quantitative Constraint Automata, that reflects the underlying architecture of component/service composition represented by the Reo connector circuits. These can support compositional reasoning about component/service connectors, modelled as Reo circuits with QoS properties.

Zhong Chen

2008-01-01

Abstract:Based on the Semantic Web technology extends the scope of policy management, In Web access control security through the reasoning of the policy to achieve the dynamic process of adjustment, presents a Web services security visit to the multi-level policy approach, for the next generation of Web services application in a useful exploration.

Lianshan Sun,Gang Huang,Yanchun Sun,Hui Song,Hong Mei

DOI: https://doi.org/10.1109/qsic.2008.4

2008-01-01

Abstract:Access control of sensitive resources is a widely used means to achieve information security. When building large-scale systems based on popular commercial component middleware, such as J2EE, a usual way to enforce access control is to define access control configurations for components in a declarative manner. These configurations can be interpreted by the J2EE security service to grant or deny access requests to components. However, it is difficult for the developers to define correct access control configurations according to complex and sometimes ambiguous real-world access control requirements. The difficulties come from mainly the complexity of configuring voluminous component methods in large-scale component based systems and some quality constraints on the configurations, for example, the completeness, consistency and performance overhead of configurations. In this paper, we propose a requirements model driven approach for automatic generation of J2EE access control configurations and demonstrate the approach in a J2EE blueprint application.

Vaibhav Gowadia,Csilla Farkas,Michiharu Kudo

DOI: https://doi.org/10.48550/arXiv.0809.5266

2008-09-30

Cryptography and Security

Abstract:Ensuring compliance of organizations to federal regulations is a growing concern. This paper presents a framework and methods to verify whether an implemented low-level security policy is compliant to a high-level security policy. Our compliance checking framework is based on organizational and security metadata to support refinement of high-level concepts to implementation specific instances. Our work uses the results of refinement calculus to express valid refinement patterns and their properties. Intuitively, a low-level security policy is compliant to a high-level security policy if there is a valid refinement path from the high-level security policy to the low-level security policy. Our model is capable of detecting violations of security policies, failures to meet obligations, and capability and modal conflicts.

Xiaohong Chen,Jun Sun,Meng Sun

DOI: https://doi.org/10.1007/978-3-319-11737-9_5

2014-01-01

Abstract:Compositional coordination models and languages play an important role in cyber-physical systems (CPSs). In this paper, we introduce a formal model for describing hybrid behaviors of connectors in CPSs. We extend the constraint automata model, which is used as the semantic model for the exogenous channel-based coordination language Reo, to capture the dynamic behavior of connectors in CPSs where the discrete and continuous dynamics co-exist and interact with each other. In addition to the formalism, we also provide a theoretical compositional approach for constructing the product automata for a Reo circuit, which is typically obtained by composing several primitive connectors in Reo.

Bernhard K. Aichernig,Farhad Arbab,Lacramioara Astefanoaei,Frank S. de Boer,Sun Meng,Jan Rutten

DOI: https://doi.org/10.1109/tase.2009.14

2009-01-01

Abstract:The complex interactions appearing in service-oriented computing make coordination a key concern in service-oriented systems. In this paper, we present a fault-based method to generate test cases for component connectors from specifications. For connectors, faults are caused by possible errors during the development process, such as wrongly used channels, missing or redundant subcircuits, or circuits with wrongly constructed topology. We give test cases and connectors a unifying formal semantics by using the notion of design, and generate test cases by solving constraints obtained from the specification and faulty connectors. A prototype symbolic test case generator serves to demonstrate the automatizing of the approach.

Guisheng Fan,Huiqun Yu,Liqiong Chen,Dongmei Liu

DOI: https://doi.org/10.1109/apscc.2011.80

2011-01-01

Abstract:Service composition is an important means for integrating the individual Web services to create new value added systems that can satisfy complex requirements. However, it is a challenge to analyze security requirements for those applications due to the uncertainty factors in distributive environment. This paper proposes an approach to modeling and analyzing security requirements of service composition. Petri nets are used to model the different components of service composition, the dynamic matching strategy of service composition is proposed. Aspect-orientation is used to weave the security requirements into service composition, which includes evaluation concern, authorization, security level outputting and access outputting. The operation semantics and related theories of Petri nets help prove its effectiveness and correctness. An example explains the modeling and analyzing process of service composition, and a series of experiments are done to explain that the use of aspects for analyzing security requirements of service composition is more efficient than conventional techniques.

Hao Zeng,Yong Wang Zhao,Dian Fu Ma

DOI: https://doi.org/10.4028/www.scientific.net/amm.644-650.2943

2014-01-01

Applied Mechanics and Materials

Abstract:With the rapid development of web services technology, the security policies defined in WS-SecurityPolicy are widely used for expressing security properties, capabilities, constraints and requirements of web services. It is well-known that security policies are crucial in the negotiation phase of service discovery and selection. However, such security policies are hard to understand and extremely error-prone, due to the complexity of the WS-SecurityPolicy specification. At the same time, because the WS-SecurityPolicy is described by natural language, there have ambiguity problem. These problem seriously hindered the development of web services policy. Therefore, this paper proposes a web services security policy description model to describe accurately and clearly security policies. The security policy model employs the formal modeling method to convert the policy assertions into the security rules.

Guisheng Fan,Huiqun Yu,Liqiong Chen,Dongmei Liu

DOI: https://doi.org/10.1109/APSEC.2010.29

2010-01-01

Abstract:Service composition is an effective way to achieve value-added service, which has found wide application in various areas. security design at architecture level is critical to achieve high assurance for these applications. However, most security design techniques for service composition were in ad hoc fashion and fell short in precise notations. This paper proposes a formal aspect-oriented approach to designing and analyzing secure service composition. The underlying formalism is Petri net and its modeling method, and focuses on the service authorization, implementation trace ability, data protection and fault handling. Aspect specification provides means to observe behaviors of basic aspect schema, and to describe their interrelationship, while the weaving mechanism systematically integrates these schemas into a complete service composition model. Based on this, the security and fault recovery mechanism of service composition are analyzed, and its correctness and effectiveness are proved. A case study of Export Service demonstrates the approach can simplify the modeling process and improve the design quality.

Nan Sang,Xinyong Wu,GuangZe Xiong

2004-01-01

Journal of Information and Computational Science

Abstract:Resolution of integration of multi security policies plays an important role in secure-critical computer systems which support multi security policies. In this paper, a security state transition model is built by means of formal method, the different effects resulting from security-depended actions of different policies on security states is analyzed and a new approach to solve the integration and consistency of multi-policies is presented.

Cataldo Basile,Gabriele Gatti,Francesco Settanni

2024-05-06

Abstract:Enforcing security requirements in networked information systems relies on security controls to mitigate the risks from increasingly dangerous threats. Configuring security controls is challenging; even nowadays, administrators must perform it without adequate tool support. Hence, this process is plagued by errors that translate to insecure postures, security incidents, and a lack of promptness in answering threats. This paper presents the Security Capability Model (SCM), a formal model that abstracts the features that security controls offer for enforcing security policies, which includes an Information Model that depicts the basic concepts related to rules (i.e., conditions, actions, events) and policies (i.e., conditions' evaluation, resolution strategies, default actions), and a Data Model that covers the capabilities needed to describe different types of filtering and channel protection controls. Following state-of-the-art design patterns, the model allows for generating abstract versions of the security controls' languages and a model-driven approach for translating abstract policies into device-specific configuration settings. By validating its effectiveness in real-world scenarios, we show that SCM enables the automation of different and complex security tasks, i.e., accurate and granular security control comparison, policy refinement, and incident response. Lastly, we present opportunities for extensions and integration with other frameworks and models.

Cryptography and Security

Hao Zeng,Dianfu Ma,Yongwang Zhao,Zhuqing Li

DOI: https://doi.org/10.1007/s11761-013-0143-5

2013-01-01

Abstract:Due to the dynamic, heterogeneous and interorganizational nature, different web services and different ports or operations in the same service, even the same services at different times may have their different security requirements because of their different security domains and different business backgrounds. How to design a flexible, fine-grained and comprehensive architecture for web services security processing has become a matter of great urgency. However, no ideal solutions have been worked out for these problems. As a result of our study, we have presented in this paper a policy-based architecture termed policy-based architecture for web services security processing (PBA4WSSP) to meet the dynamic, complete and fine-grained security requirements. In PBA4WSSP, the processing of all security problems is based on security policy in service stage to support flexibly security configuration. Moreover, we have designed a service policy model to describe the fine-grained security requirements. And the conversion method between security policy model and security policy expression has also been described. In addition, a staged complete security processing architecture is provided to reduce the dependency among protocol implementations. Furthermore, with PBA4WSSP, a web service security module has been designed and implemented as well. Eventually, the performance evaluation results amply demonstrate that our system is flexible and usable.

Ting Yu,Dhivya Sivasubramanian,Tao Xie

DOI: https://doi.org/10.1145/1558607.1558623

2009-01-01

Abstract:Access control is one of the fundamental security mechanisms for information systems. It determines the availability of resources to principals, operations that can be performed, and under what circumstances. Traditionally the enforcement of access control is often hardcoded in applications or systems; such hardcoding makes it hard to verify the correctness of access control and to accommodate changes of security requirements. Recently, access control policies have been increasingly separated from enforcement mechanisms. An access control policy is explicitly specified using certain policy languages with well-defined syntax and semantics. An application then consults the policy during runtime to determine whether an access request from a principal should be allowed or denied. There are two main advantages of this approach. First, security officers can now perform systematic and formal security analysis on access control policies. Second, by separating policies from enforcement mechanisms, it is possible to change policies without affecting the underlying mechanisms, and vice versa.

Dong-Hong Xu,Yong Qi,Di Hou,Gong-Zhen Wang,Ying Chen

DOI: https://doi.org/10.1109/cit.2008.4594759

2008-01-01

Abstract:There is a pressing need for secure services composition in agenda transactions. Orchestration and choreography language provide basic services and interaction, collaboration, and negotiation standards among services, but they don't give any secure manners or secure operation styles and specifications. Despite the interest of such security mechanisms, a formal module of them is still lacking. For giving a general guide to implement secure orchestration and secure choreography, we give a formal approach for carrying out this goal. To those targets, we address those by designing an extension of the Spi calculus with Secure Global Calculus. The Spi calculus precisely identifies orchestration secure properties of each principal from a local viewpoint. The secure global calculus describes an interaction secure choreography scenario from a vantage point of view. We called our framework SpiG4WSC calculus. We believe that the combination of strong practical needs for dynamic secure Web services composition and the theoretical foundations will lead to a bridge between practice and theories.