Open Access

A Petri net based XML firewall security model for web services invocation.

TLDR
This paper proposes a formal XML firewall security model using role-based access control (RBAC), which supports user authentication and user authorization according to information stored in a user database and a policy database associated with an XML firewall.
Abstract
An XML firewall differs from a conventional firewall because its major task is to control access to web services rather than to filter untrusted addresses. An XML firewall can effectively protect web services from being attacked by inspecting a complete XML message including its head and data segments, and rejecting unauthorized web services invocation. In this paper, we propose a formal XML firewall security model using role-based access control (RBAC). Our proposed model supports user authentication and user authorization according to information stored in a user database and a policy database associated with an XML firewall. The formal model is designed compositionally using Petri nets, which can serve as a high-level design for XML firewall implementation. The key components of our compositional security model are the application model and the XML firewall model. To illustrate the advantages of our formal approach, we use an existing Petri net tool to verify some key properties of our model, such as boundedness and liveness.


Citations
Journal Article

Formal modelling and analysis of XML firewall for service-oriented systems

TL;DR: This paper presents a formal XML firewall security model for service-oriented systems, which supports user authentication and role-based user authorisation according to policy rules that can be updated dynamically.
Book Chapter

A transformation-driven approach to the verification of security policies in web designs

TL;DR: A verification framework for security policies of Web designs, based on transforming the models that make up the system design into a formalism where further analysis can be performed, and applied to Labyrinth, a domain-specific language oriented to the design of Web applications.
Proceedings Article

A Rigorous Methodology for Security Architecture Modeling and Verification

TL;DR: This paper introduces a rigorous methodology for utilizing threat modeling in building secure software architectures using SAM and verifying them formally using Symbolic Model Checking and proposes a translation from SAM Secure models into the SMV model checker.
Proceedings Article

Analysis of Concurrent Security Protocols Using Colored Petri Nets

TL;DR: This work extends a version of the CPN method for analyzing cryptographic protocols so that it can be verified whether any security threats exist when many instances of the protocol are executed concurrently.
References
Journal Article

Petri nets: Properties, analysis and applications

TL;DR: The author proceeds with introductory modeling examples, behavioral and structural properties, three methods of analysis, subclasses of Petri nets and their analysis, and one section is devoted to marked graphs, the concurrent system model most amenable to analysis.
Journal Article

Role-based access control models

TL;DR: Why RBAC is receiving renewed attention as a method of security administration and review is explained, a framework of four reference models developed to better understand RBAC is described, and the use of RBAC to manage itself is discussed.
Journal Article

A framework for model-based design of agent-oriented software

TL;DR: The basic G-net model is customized to define a so-called "agent-based G-net" that can serve as a generic model for agent design that can progress from an agent-based design model to an agent-oriented model, and new mechanisms to support inheritance modeling are introduced.
Journal Article

ADK: An Agent Development Kit Based on a Formal Design Model for Multi-Agent Systems

TL;DR: This paper proposes a model-based approach to designing and implementing intelligent agents for multi-agent systems (MAS), and uses the formalism called agent-oriented G-net model, which is based on the G-nets formalism to serve as the high-level design for intelligent agents.
Proceedings Article

Two Patterns for Web Services Security.

TL;DR: Two patterns for web services are presented: a Security Assertion Coordination pattern that coordinates authentication and authorization using a Role-Based Access Control (RBAC) model for access to distributed resources; and a pattern for XML firewalls that filters XML messages or documents according to institution policies.