Specification and verification of security requirements in a programming model for decentralized CSCW systems

Tanvir Ahmed, Anand R Tripathi

Research output: Contribution to journalArticlepeer-review

14 Scopus citations

Abstract

We present, in this paper, a role-based model for programming distributed CSCW systems. This model supports specification of dynamic security and coordination requirements in such systems. We also present here a model-checking methodology for verifying the security properties of a design expressed in this model. The verification methodology presented here is used to ensure correctness and consistency of a design specification. It is also used to ensure that sensitive security requirements cannot be violated when policy enforcement functions are distributed among the participants. Several aspect-specific verification models are developed to check security properties, such as task-flow constraints, information flow, confidentiality, and assignment of administrative privileges.

Original languageEnglish (US)
Article number7
JournalACM Transactions on Information and System Security
Volume10
Issue number2
DOIs
StatePublished - May 1 2007

Keywords

  • Finite state-based model checking
  • Methodology for access-control policy design
  • Role-based access control
  • Security policy specification

Fingerprint Dive into the research topics of 'Specification and verification of security requirements in a programming model for decentralized CSCW systems'. Together they form a unique fingerprint.

Cite this