The advance of web services technologies promises to have far-reaching effects on the Internet and enterprise networks allowing for greater accessibility of data. The security challenges presented by the web services approach are formidable. In particular, access control solutions should be revised to address new challenges, such as the need of using certificates for the identification of users and their attributes, human intervention in the creation or selection of the certificates, and (chains of) certificates for trust management. With all these features, it is not surprising that analyzing policies to guarantee that a sensitive resource can be accessed only by authorized users becomes very difficult. In this paper, we present an automated technique to analyze scenario-based specifications of access control policies in open and distributed systems. We illustrate our ideas on a case study arising in the e-government area. © Springer-Verlag Berlin Heidelberg 2013.

Automated analysis of scenario-based specifications of distributed access control policies with non-mechanizable activities / Barletta, M.; Ranise, S.; Vigano, L. - 7783:(2013), pp. 49-64. (Paper presented at the 8th International Workshop on Security and Trust Management, STM 2012, held in Pisa, Italy, in 2012) [10.1007/978-3-642-38004-4_4].

Automated analysis of scenario-based specifications of distributed access control policies with non-mechanizable activities

Ranise S.;
2013-01-01

2013
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Germany
Springer Verlag
978-3-642-38003-7
978-3-642-38004-4
Barletta, M.; Ranise, S.; Vigano, L.
Use this identifier to cite or link to this document: https://hdl.handle.net/11572/332969