Barbara Sprick

Access control for semantic Web services

In this paper, we present an approach to enable access control for semantic Web services. Our approach builds on the idea of autonomous granting of access rights, decision making based on independent trust structures and respects privacy requirements of the users. Our framework allows the specification and computation of complex access control policies in a manageable and efficient way. Therefore, our approach is useful not only in Web services based applications (typically client-server architecture) but also in peer-to-peer and agent-based applications.

Specification of access control and certification policies for semantic web services

Web service providers specify access control policies to restrict access to their Web services. It turned out, that since the Web is an open, distributed and dynamic environment, in which a central controlling instance cannot be assumed, capability based access control is most suitable for this purpose. However, since practically every participant can certify capabilities defined in his/her own terminology, determining the semantics of certified capabilities and the trustworthiness of certification authorities are two major challenges in such a setting. In this paper, we show, (1) how certification authorities and their certification policies can be modeled semantically (2) how Web service providers can specify and check the consistency of their access control policies and (3) how end users can check automatically, whether they have access to a Web service.

Service automata

We propose a novel framework for reliably enforcing security in distributed systems. Service automata monitor the execution of a distributed program and enforce countermeasures before a violation of a security policy can occur. A key novelty of our proposal is that security is enforced in a decentralized though coordinated fashion. This provides the basis for reliably enforcing global security requirements without introducing unnecessary latencies or communication overhead. The novel contributions of this article include the concept of service automata and a generic formalization of service automata in CSP. We also illustrate how the generic model can be tailored to given security requirements by instantiating its parameters in a stepwise and modular manner.

Model-checking trace-based information flow properties

In this paper we consider the problem of verifying trace-based information flow properties for different classes of system models. We begin by proposing an automata-theoretic technique for model-checking trace-based information flow properties for finite-state systems. We do this by showing that Mantels Basic Security Predicates (BSPs), which were shown to be the building blocks of most trace-based properties in the literature, can be verified in an automated way for finite-state system models. We also consider the problem for the class of pushdown system models, and show that it is undecidable to check such systems for any of the trace-based information flow properties. Finally we consider a simple trace-based property we call “weak non-inference” and show that it is undecidable even for finite-state systems. (Work partially done while visiting Indian Institute of Science, Bangalore.)

An Automata Based Approach for Verifying Information Flow Properties

We present an automated verification technique to verify trace based information flow properties for finite state systems. We show that the Basic Security Predicates (BSPs) defined by Mantel in [Mantel, H., Possibilistic Definitions of Security - An Assembly Kit, in: Proceedings of the 13th IEEE Computer Security Foundations Workshop (2000), pp. 185-199], which are shown to be the building blocks of known trace based information flow properties, can be characterised in terms of regularity preserving language theoretic operations. This leads to a decision procedure for checking whether a finite state system satisfies a given BSP. Verification techniques in the literature (e.g. unwinding) are based on the structure of the transition system and are incomplete in some cases. In contrast, our technique is language based and complete for all information flow properties that can be expressed in terms of BSPs.

Weakly Constraining Multimedia Types Based on a Type Embedding Ordering

We present a concept of weakly constraining types which balances heterogeneity and fixity of data structures. This concept is designed for a multimedia mediator that uses fixed type declarations on schema level but allows variations of actual structures on instance level. The concept is based on a notion of embedding a fixed type declaration into a variation structure such that essential aspects of the fixed declaration are preserved. Finally we show how multimedia types gain from our type system.

Query Evaluation in an Object-Oriented Multimedia Mediator

A multimedia mediator aims at providing a well-structured gateway to some application dependent part of a federated multimedia system. Our specific design employs proxy objects for external multimedia items and introduces a new concept of semi-structured and self-describing types for multimedia items. Query evaluation and optimization hide all details of communication with external sources and explore the external parallel computation capacities, the selectivity of local preprocessing, and the impact of materialization.

On the Decidability of Model-Checking Information Flow Properties

Current standard security practices do not provide substantial assurance about information flow security: the end-to-end behavior of a computing system. Noninterference is the basic semantical condition used to account for information flow security. In the literature, there are many definitions of noninterference: Non-inference, Separability and so on. Mantel presented a framework of Basic Security Predicates (BSPs) for characterizing the definitions of noninterference in the literature. Model-checking these BSPs for finite state systems was shown to be decidable in [8]. In this paper, we show that verifying these BSPs for the more expressive system model of pushdown systems is undecidable. We also give an example of a simple security property which is undecidable even for finite-state systems: the property is a weak form of non-inference called WNI, which is not expressible in Mantels BSP framework.

Secure mediation with mobile code

A mediator helps a client of a distributed information system to acquire data without contacting each datasource. We show how mobile code can be used to ensure confidentiality of data in a secure mediation system. We analyze what advantages mobile code has over mobile data for secure mediation. We present a Java implementation of a system that mediates SQL queries. Security risks for the client and the mobile code are delineated; offending the integrity of its own data is identified as a special type of attack of mobile code in a mediation system. We name appropriate countermeasures and describe the amount of trust needed in our system. As an extension, we consider security in a hierarchy of mediators. Finally, we combine mobile code with mobile agent technology.

A Tableau Proof System for a Mazurkiewicz Trace Logic with Fixpoints

We present a tableau based proof system for νTrTL, a trace based temporal logic with fixpoints. The proof system generalises similar systems for standard interleaving temporal logics with fixpoints. In our case special attention has to be given to the modal rule: First we give a system with an interleaving style modal rule, later we use a technique similar to the sleep set method (known from finite state model checking) to obtain a more efficient proof rule. We briefly highlight the relation of the improved rule with recent advances in tableau systems for classical propositional logic, the tamed cut of the system KE.