134 research outputs found
Possibilistic Information Flow Control for Workflow Management Systems
In workflows and business processes, there are often security requirements on
both the data, i.e. confidentiality and integrity, and the process, e.g.
separation of duty. Graphical notations exist for specifying both workflows and
associated security requirements. We present an approach for formally verifying
that a workflow satisfies such security requirements. For this purpose, we
define the semantics of a workflow as a state-event system and formalise
security properties in a trace-based way, i.e. on an abstract level without
depending on details of enforcement mechanisms such as Role-Based Access
Control (RBAC). This formal model then allows us to build upon well-known
verification techniques for information flow control. We describe how a
compositional verification methodology for possibilistic information flow can
be adapted to verify that a specification of a distributed workflow management
system satisfies security requirements on both data and processes.
Comment: In Proceedings GraMSec 2014, arXiv:1404.163
Extensional and Intensional Strategies
This paper is a contribution to the theoretical foundations of strategies. We
first present a general definition of abstract strategies which is extensional
in the sense that a strategy is defined explicitly as a set of derivations of
an abstract reduction system. We then move to a more intensional definition
supporting the abstract view but more operational in the sense that it
describes a means for determining such a set. We characterize the class of
extensional strategies that can be defined intensionally. We also give some
hints towards a logical characterization of intensional strategies and propose
a few challenging perspectives.
Blueprint for a Science of Cybersecurity
A secure system must defend against all possible attacks--including those
unknown to the defender. But defenders, having limited resources, typically
develop defenses only for attacks they know about. New kinds of attacks are
then likely to succeed. So our growing dependence on networked computing
systems puts at risk individuals, commercial enterprises, the public sector,
and our military.
Using Partial Orders for the Efficient Verification of Deadlock Freedom and Safety Properties
This article presents an algorithm for detecting deadlocks in concurrent finite-state systems without incurring most of the state explosion due to the modeling of concurrency by interleaving. For systems that have a high level of concurrency, our algorithm can be much more efficient than the classical exploration of the whole state space. Finally, we show that our algorithm can also be used for verifying arbitrary safety properties.
- …