Service Automata | SpringerLink
Skip to main content

Service Automata

  • Conference paper
Formal Aspects of Security and Trust (FAST 2011)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7140))

Included in the following conference series:

Abstract

We propose a novel framework for reliably enforcing security in distributed systems. Service automata monitor the execution of a distributed program and enforce countermeasures before a violation of a security policy can occur. A key novelty of our proposal is that security is enforced in a decentralized though coordinated fashion. This provides the basis for reliably enforcing global security requirements without introducing unnecessary latencies or communication overhead. The novel contributions of this article include the concept of service automata and a generic formalization of service automata in CSP. We also illustrate how the generic model can be tailored to given security requirements by instantiating its parameters in a stepwise and modular manner.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
JPY 3498
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
JPY 5719
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
JPY 7149
Price includes VAT (Japan)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Aziz, B., Arenas, A., Martinelli, F., Matteucci, I., Mori, P.: Controlling Usage in Business Process Workflows through Fine-Grained Security Policies. In: Furnell, S.M., Katsikas, S.K., Lioy, A. (eds.) TrustBus 2008. LNCS, vol. 5185, pp. 100–117. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  2. Basin, D.A., Burri, S.J., Karjoth, G.: Dynamic Enforcement of Abstract Separation of Duty Constraints. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 250–267. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  3. Basin, D.A., Klaedtke, F., Müller, S.: Policy Monitoring in First-Order Temporal Logic. In: Touili, T., Cook, B., Jackson, P. (eds.) CAV 2010. LNCS, vol. 6174, pp. 1–18. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  4. Basin, D.A., Olderog, E.R., Sevinç, P.E.: Specifying and analyzing security automata using CSP-OZ. In: ACM Symposium on Information, Computer and Communications Security, pp. 70–81. ACM (2007)

    Google Scholar 

  5. Chadwick, D.W., Su, L., Otenko, A., Laborde, R.: Coordination between Distributed PDPs. In: 7th IEEE International Workshop on Policies for Distributed Systems and Networks, pp. 163–172. IEEE Computer Society (2006)

    Google Scholar 

  6. Comuzzi, M., Spanoudakis, G.: A Framework for Hierarchical and Recursive Monitoring of Service Based Systems. In: 4th International Conference on Internet and Web Applications and Services, pp. 383–388. IEEE Computer Society (2009)

    Google Scholar 

  7. Erlingsson, U., Schneider, F.B.: SASI Enforcement of Security Policies: A Retrospective. In: 2nd New Security Paradigms Workshop, pp. 87–95. ACM (2000)

    Google Scholar 

  8. Hilty, M., Pretschner, A., Basin, D., Schaefer, C., Walter, T.: A Policy Language for Distributed Usage Control. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 531–546. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  9. Hoare, C.A.R.: Communicating Sequential Processes. Prentice-Hall, Inc. (1985)

    Google Scholar 

  10. Ligatti, J., Bauer, L., Walker, D.: Edit Automata: Enforcement Mechanisms for Run-time Security Policies. International Journal of Information Security 4(1-2), 2–16 (2005)

    Article  Google Scholar 

  11. Martinelli, F., Matteucci, I.: Synthesis of Local Controller Programs for Enforcing Global Security Properties. In: 3rd International Conference on Availability, Reliability and Security, pp. 1120–1127. IEEE Computer Society (2008)

    Google Scholar 

  12. Minsky, N.H.: The Imposition of Protocols Over Open Distributed Systems. IEEE Transactions on Software Engineering 17(2), 183–195 (1991)

    Article  Google Scholar 

  13. Pretschner, A., Hilty, M., Basin, D.: Distributed Usage Control. Communications of the ACM 49(9), 39–44 (2006)

    Article  Google Scholar 

  14. Schneider, F.B.: Enforceable Security Policies. Transactions on Information and System Security 3(1), 30–50 (2000)

    Article  Google Scholar 

  15. Sen, K., Vardhan, A., Agha, G., Roşu, G.: Efficient Decentralized Monitoring of Safety in Distributed Systems. In: 26th International Conference on Software Engineering, pp. 418–427. IEEE Computer Society (2004)

    Google Scholar 

  16. Zhang, X., Seifert, J.P., Sandhu, R.: Security Enforcement Model for Distributed Usage Control. In: 2008 IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing, pp. 10–18. IEEE Computer Society (2008)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gay, R., Mantel, H., Sprick, B. (2012). Service Automata. In: Barthe, G., Datta, A., Etalle, S. (eds) Formal Aspects of Security and Trust. FAST 2011. Lecture Notes in Computer Science, vol 7140. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29420-4_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-29420-4_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-29419-8

  • Online ISBN: 978-3-642-29420-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics