Integrated Specification and Verification of Security Protocols and Policies
Open access
Datum
2010Typ
- Report
ETH Bibliographie
yes
Altmetrics
Abstract
We propose a language for formal specification of serviceoriented architectures. The language supports the integrated specification of communication level events, policy level decisions, and the interaction between the two. We show that the reachability problem is decidable for a fragment of service-oriented architectures. The decidable fragment is well suited for specifying, and reasoning about, securitysensitive architectures. In the decidable fragment, the attacker controls the communication media. The policies of services are centered around the trust application and trust delegation rules, and can also express rbac systems with role hierarchy. The fragment is of immediate practical relevance: we have specified and verified a number of security-sensitive architectures stemming from the e-government domain. Mehr anzeigen
Persistenter Link
https://doi.org/10.3929/ethz-a-006935684Publikationsstatus
publishedZeitschrift / Serie
Technical Report / ETH Zurich, Department of Computer ScienceBand
Verlag
ETH, Department of Computer ScienceThema
SPEZIFIKATIONEN (SOFTWARE ENGINEERING); VERIFICATION (SOFTWARE ENGINEERING); DATA SECURITY + DATA PROTECTION (OPERATING SYSTEMS); NETWORK PROTOCOLS + COMMUNICATION PROTOCOLS (COMPUTER SYSTEMS); NETZWERKPROTOKOLLE + KOMMUNIKATIONSPROTOKOLLE (COMPUTERSYSTEME); SPECIFICATIONS (SOFTWARE ENGINEERING); VERIFIKATION (SOFTWARE ENGINEERING); DATENSICHERHEIT + DATENSCHUTZ (BETRIEBSSYSTEME)Organisationseinheit
02150 - Dep. Informatik / Dep. of Computer Science03634 - Basin, David / Basin, David
Anmerkungen
Technical Reports D-INFK.ETH Bibliographie
yes
Altmetrics