A widespread design approach in distributed applications based on the service-oriented paradigm, such as web-services, consists of clearly separating the enforcement of authorization policies and the workflow of the applications, so that the interplay between the policy level and the workflow level is abstracted away. While such an approach is attractive because it is quite simple and permits one to reason about crucial properties of the policies under consideration, it does not provide the right level of abstraction to specify and reason about the way the workflow may interfere with the policies, and vice versa. In this paper, we present a two-level formal verification framework to overcome these problems and formally reason about the interplay of authorization policies and workflow in serviceoriented architectures. This allows us to define and investigate some verification problems for SO applications and give sufficient conditions for their decidability. © 2009 IEEE.
Verifying the interplay of authorization policies and workflow in service-oriented architectures / Barletta, M.; Ranise, S.; Vigano, L.. - 3:(2009), pp. 289-296. (Intervento presentato al convegno 2009 IEEE International Conference on Privacy, Security, Risk, and Trust, PASSAT 2009 tenutosi a Vancouver, BC, can nel 2009) [10.1109/CSE.2009.172].
Verifying the interplay of authorization policies and workflow in service-oriented architectures
Ranise S.;
2009-01-01
Abstract
A widespread design approach in distributed applications based on the service-oriented paradigm, such as web-services, consists of clearly separating the enforcement of authorization policies and the workflow of the applications, so that the interplay between the policy level and the workflow level is abstracted away. While such an approach is attractive because it is quite simple and permits one to reason about crucial properties of the policies under consideration, it does not provide the right level of abstraction to specify and reason about the way the workflow may interfere with the policies, and vice versa. In this paper, we present a two-level formal verification framework to overcome these problems and formally reason about the interplay of authorization policies and workflow in serviceoriented architectures. This allows us to define and investigate some verification problems for SO applications and give sufficient conditions for their decidability. © 2009 IEEE.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione
