Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống
1
/ 406 trang
THÔNG TIN TÀI LIỆU
Thông tin cơ bản
Định dạng
Số trang
406
Dung lượng
5,01 MB
Nội dung
[...]... flexibility and expressiveness of the language, and that the resulting models are logically adequate, while on the other hand they are clear to read and feasible to construct for system designers who are not experts in formalmethods Keywords: services, security, specification language, formal analysis 1 Introduction Formal Security Analysis Security in distributed systems such as web services and SOA is... Uncertainty Alexandre David, Kim Guldstrand Larsen, Shuhao Li, Marius Mikucionis, and Brian Nielsen 352 Model-Checking and Simulation for Stochastic Timed Systems Arnd Hartmanns 372 Author Index 393 ASLan++ — A Formal Security Specification Language for Distributed Systems David von Oheimb1 and Sebastian M¨dersheim2 o 1 2 Siemens... change group memberships AVANTSSAR and Its Specification Language The EU-funded Project AVANTSSAR has been concerned with developing a formal specification language and automated verification methodsand tools to handle systems at design level in which all these three aspects are relevant: non-linear work-flow, relationships between workflows (for instance via databases), and access control policies In this... manager’s messages described below Still, for the sake of relating entities for the security goals, we need to give M, the variable that will hold the manager’s agent name, as a formal parameter of Server The other parameter of Server is, as usual, the Actor A Formal Security Specification Language for Distributed Systems 5 Note that while each instance of Manager and Employee (typically) has a different... the network, in particular concatenation M1.M2 and tuples (M1,M2) of submessages M1 and M2 For “atomic” values in messages, one may use the subtype text, which may be dealt with more efficiently during model-checking For instance, we declare an abstract type of files (or better: file identifiers) as types file < text ; A Formal Security Specification Language for Distributed Systems 7 Sets, which are passed... and again the command is abstracted into the message constructor changeGroup that has the relevant information (the agent A that changes group, and the source and destination group) as parameters The server just retracts the fact that A is a member of G1 and introduces the fact that G2 now contains A Note the command is simply ignored if A is not a member of group G1 at the time the A Formal Security... changeGroup and authentic transmission as a goal 5 Security Goals ASLan++ has been geared as a high-level input language for model checking security aspects of distributed systems, and it is therefore crucial to offer a convenient, clear, and expressive way to formalize the desired security properties The most general way to describe a security property in ASLan++ is to use a first-order temporal-logic formula,... in terms of complexity and decidability [ 21,1 2,15], and in terms of methodsand tools that are practically feasible automated verification [8 ,1,1 3,16] Limitations of Security Protocol Analysis The focus of simple security protocols is however quite limited, ignoring a lot of aspects that play a crucial role in distributed systems and that often are relevant for security The first very common aspect that... He, Daniel Kroening, and Philipp R¨mmer u 287 297 The MULTIFORM Project The Hierarchical Compositional Interchange Format Damian Nadales Agut, Bert van Beek, Harsh Beohar, Pieter Cuijpers, and Jasper Fonteijn 316 Application of Model-Checking Technology to Controller Synthesis Alexandre David, Jacob Deleuran Grunnet, Jan Jakob Jessen, Kim Guldstrand Larsen, and Jacob Illum Rasmussen... Specification Language for Distributed Systems 11 command is received; in a more detailed model, one would include a feedback message (whether the command was accepted or not) to the manager 3.4 Concrete Policy Example Let us consider the consequences of the transition just described for our policy For concreteness, let us consider a state where we have a manager m1 , three employees e1 , e2 and e3 , and two groups . Boer Marcello M. Bonsangue (Eds.) Formal Methods for Components and Objects 9th International Symposium, FMCO 2010 Graz, Austria, November 29 - December 1, 2010 Revised Papers 13 Volume Editors Bernhard. Java. The 9th Symposium on Formal Methods for Components and Objects (FMCO 2010) was held in Graz, Austria, from November 29 to December 1, 2010. The venue was Hotel Weitzer. FMCO 2010 was realized as. as a concertation meeting of European projects focussing on formal methods for components and objects. This volume contains 20 revised papers submitted after the symposium by the speakers of each