7 research outputs found
Analyzing temporal role based access control models
Today, Role Based Access Control (RBAC) is the de facto model used for advanced access control, and is widely deployed in diverse enterprises of all sizes. Several extensions to the authorization as well as the administrative models for RBAC have been adopted in recent years. In this paper, we consider the temporal extension of RBAC (TRBAC), and develop safety analysis techniques for it. Safety analysis is essential for understanding the implications of security policies both at the stage of specification and modification. Towards this end, in this paper, we first define an administrative model for TRBAC. Our strategy for performing safety analysis is to appropriately decompose the TRBAC analysis problem into multiple subproblems similar to RBAC. Along with making the analysis simpler, this enables us to leverage and adapt existing analysis techniques developed for traditional RBAC. We have adapted and experimented with employing two state-of-the-art analysis approaches developed for RBAC as well as tools developed for software testing. Our results show that our approach is both feasible and flexible.
Formal approaches for modeling and verifying access control and temporal constraints in information systems
RÉSUMÉ
Our research work falls within a framework that aims to develop formal approaches to help design information systems with a good level of safety and security. Precisely, the goal is to have approaches for verifying that a system works correctly and that it implements a security policy meeting its specific needs in terms of data confidentiality, integrity and availability. Our research is thus built around the desire to develop, promote and broaden the use of Petri nets as a modeling tool and of model checking as a verification technique. Our main objective is to express the temporal dimension quantitatively in order to verify temporal properties such as data availability, task execution duration, deadlines, etc. First, we propose an extension of the TSCPN (Timed Secure Colored Petri Net) model, initially presented in my master's thesis. The TSCPN model makes it possible to model and reason about data access rights expressed via a mandatory access control policy, i.e. the Bell-LaPadula model. Next, we investigate the idea of using colored Petri nets to represent role based access control (RBAC) policies. Our objective is to provide precise guidelines to help specify a coherent and complete RBAC policy, supported by colored Petri nets and the CPNtools tool. Finally, we propose to enrich the class of time Petri nets with a new extension that makes it possible to express more than one kind of temporal constraint: the TAWSPN model (Timed Arc Petri net - Weak and Strong semantics).
Our aim is to offer great flexibility in modeling complex timed systems without making the classical analysis methods more complex. Indeed, the TAWSPN model offers a model-checking technique, based on the construction of zone graphs (Gardey et al., 2003), comparable to those of the other temporal extensions of Petri nets.
ABSTRACT
Our research is integrated within a framework that aims to develop formal approaches to help in the design of information systems with a good level of safety and security. Specifically, these approaches have to verify that a system works correctly and that it implements a security policy that meets its specific needs in terms of data confidentiality, integrity and availability. Our research is thus built around the aim to develop, enhance and expand the use of Petri nets as a modeling tool and model checking as a verification technique. Our main objective is to express the temporal dimension in order to check quantitative temporal properties such as data availability, task execution duration, deadlines, etc.
First, we propose an extension of the TSCPN (Timed Secure Colored Petri Net) model, originally presented in my master's thesis. This model allows representing and reasoning about access rights, expressed via a mandatory access control policy, i.e. the Bell-LaPadula model. In a second step, we investigate the idea of using colored Petri nets to represent role based access control (RBAC) policies. Our goal is to provide specific guidelines to assist in the specification of a coherent and comprehensive RBAC policy, supported by colored Petri nets and CPNtools. Finally, we propose to enrich the class of time Petri nets with a new extension that allows expressing more than one kind of time constraint, named TAWSPN (Timed-Arc Petri net Weak and Strong semantics). Our goal is to provide great flexibility in modeling complex systems without complicating the conventional methods of analysis. Indeed, the TAWSPN model offers a model-checking technique based on the construction of zone graphs (Gardey et al., 2003), comparable to those of other extensions of time Petri nets.
Data consistency and protection in collaborative systems using formal methods
The development of complex software or multimedia content nowadays involves several people, increasingly dispersed geographically around the world, who collaborate through collaborative editing systems. The main purpose of this collaboration is to improve productivity and reduce development time and costs. One of the major challenges of these collaborative editing tools is to ensure the convergence and reliability of shared data. To meet this challenge, several approaches exist in the literature, among which are the multi-version (MV) approach, the commutative replicated data type (CRDT) approach and the operational transformation (OT) approach. The first is based on the copy, modify and merge principle and uses a central server responsible for merging the different copies coming from the sites taking part in the collaboration. The modifications made by each site on its copy are merged into the central copy only at the user's request. The major difficulty of this approach is the cost of storing the various versions on the server and the use of timestamps to order the operations during the merge, which makes it hard to use in a distributed environment. The second approach considers that all operations are commutative and can therefore be executed in any order. As for the last approach, it relies on transforming the operations received from remote sites with respect to those concurrent with them. In this approach, an inclusive transformation (IT) algorithm is used to ensure the convergence of the copies, but most of the algorithms proposed in the literature do not satisfy the convergence criteria. Besides consistency, data reliability remains another challenge in collaborative systems.
To address this challenge, many applications encapsulate, in their source code, crosscutting functionalities such as security ones in order to meet data confidentiality and integrity requirements. In the literature, aspect-oriented programming (AOP) is one of the approaches used to ensure the modularity, maintainability and reuse of software components. One of the difficulties of this programming paradigm is ensuring that a security property remains satisfied after weaving the base program with all the aspects encapsulating the crosscutting concerns, which entails finding automatic techniques for verifying security properties once weaving is done. In the area of data reliability, access control plays a leading role. Thus, regarding the sharing of multimedia content published on the Web, it is necessary to collaborate to feed it, but one of the major challenges is to make it reliable.
ABSTRACT
Complex software and Web content development nowadays involve multiple programmers located in different areas working together on the same development project using collaborative systems in order to achieve efficiency, improve productivity and reduce development time. One of the key challenges in such a development environment is ensuring the convergence and the reliability of the shared data or content. In the literature, many approaches have been proposed to face this challenge. Among those approaches are the multi-version (MV), commutative replicated data type (CRDT) and operational transformation (OT) approaches. The first approach is based on the "copy, modify and merge" principle and uses a central server to merge the updates from the different sites participating in the collaboration. The local updates of a specific site are merged only on demand. The key drawback of this approach is the storage cost of the various versions on the server and the overhead due to the generation of stamps for operation ordering. This drawback makes the approach difficult to use in the context of a distributed collaborative environment. The second approach posits that all the operations are commutative so that they can be executed in any given order. The latter approach is based on transforming all the operations received from the remote sites against their concurrent operations before they are merged. In this approach, an inclusive transformation algorithm is used in order to ensure the convergence criteria. Unfortunately, most of the algorithms proposed in the literature do not satisfy the convergence criteria. Besides convergence, the reliability of the data remains another challenge in collaborative systems. In order to face this challenge, many programs encapsulate crosscutting concerns (e.g. security, logging) for data confidentiality and integrity purposes. In the literature, aspect-oriented programming (AOP) is one of the approaches used to better modularize the separation of concerns in order to ease the maintenance and reuse of software components. However, one challenge of this paradigm is the assurance that a given property, such as a security property, remains satisfied after the weaving of the base program and the aspects. Thus, we must find an automated way to verify such security properties in the woven program. Concerning data reliability, access control is one of the major pieces of the puzzle. Thus, in Web content publication, one challenge is to collaborate in order to produce the content and the other key challenge is to make it reliable.
Combining SOA and BPM Technologies for Cross-System Process Automation
This paper summarizes the results of an industry case study that introduced a cross-system business process automation solution based on a combination of SOA and BPM standard technologies (i.e., BPMN, BPEL, WSDL). Besides discussing major weaknesses of the existing, custom-built solution and comparing them against experiences with the developed prototype, the paper presents a course of action for transforming the current solution into the proposed solution. This includes a general approach, consisting of four distinct steps, as well as specific action items that are to be performed for every step. The discussion also covers language and tool support and challenges arising from the transformation.
Interaction and interest management in a scripting language.
Interaction management is concerned with the protocols that govern interactive activities among multiple users or agents in networked collaborative environments. Interest management is concerned with relevance-based data filtering in networked collaborative environments. The main objective of the former is to structure interactive activities according to the requirements of the application concerned, while the main objective of the latter is to provide secured data transmission of a subset of information relevant to each recipient. The research in these two important aspects of networked software has largely been carried out in specific application domains such as online meetings, online groupware and online games. This thesis is concerned with the design and implementation of high-level language constructs for interaction and interest management. The work that has been undertaken includes: an abstract study of interactive activities and data transmission in networked collaborative environments through a large number of variations of the noughts and crosses game; the design of a set of language constructs for specifying a variety of interaction protocols; the design of a set of language constructs for specifying secured data sharing with relevance-based filtering; the implementation of these language constructs in the form of a major extension of the scripting language JACIE (Java-based Authoring Language for Collaborative Interactive Environments); and the development of two demonstration applications, namely e-learning on Simulation of Network Troubleshooting and online Bridge, using the extended JACIE to demonstrate the technical feasibility and usefulness of the design.
These high-level language constructs support a class of complicated software features in networked collaborative applications, such as turn management, interaction timing, group formation, dynamic protocol changes, distributed data sharing, access control, authentication and information filtering. They enable programmers to implement such features in an intuitive manner without involving low-level system programming directly, which would otherwise require the knowledge and skills of experienced network programmers.
Efficient Passive Clustering and Gateway Selection in MANETs
Passive clustering does not employ control packets to collect topological information in ad hoc networks. In our proposal, we avoid making frequent changes in the cluster architecture due to repeated election and re-election of cluster heads and gateways. Our primary objective has been to make Passive Clustering more practical by employing an optimal number of gateways and reducing the number of rebroadcast packets.