论文信息 - Five examples of web-services for illustrating requirements for security architecture

Five examples of web-services for illustrating requirements for security architecture

The tension caused by the need for expressive power when formulating security rules and the need to keep computational complexity low when undertaking the necessary access rule evaluations is a major challenge in the formulation of good security architecture. This paper provides five examples of security in web services. which illustrate this tension. These examples highlight the need for more expressiveness in the rules used to express policies in three cases, and in the other the fact that XACML appears to have nearly adequate expressiveness without undue complexity. Each example is expressed first informally, by describing a service which could concievably be provided in a web services architecture, then the example is also outlined using either XACML, first order logic or both.

[1] Mark Ryan,et al. Evaluating Access Control Policies Through Model Checking , 2005, ISC.

[2] Hans Hermes,et al. Introduction to mathematical logic , 1973, Universitext.

[3] Anna van Raaphorst. OASIS (Organization for the Advancement of Structured Information Standards) , 2006 .

[4] Pierre-Yves Schobbens,et al. Model-Checking Access Control Policies , 2004, ISC.

[5] Peter Aczel etc. HANDBOOK OF MATHEMATICAL LOGIC , 1999 .

[6] Sam Moffatt,et al. Access control in semantic information systems , 2010 .

[7] Mark Ryan,et al. Synthesising verified access control systems in XACML , 2004, FMSE '04.

[8] Martín Abadi,et al. A Calculus for Access Control in Distributed Systems , 1991, CRYPTO.

[9] Mark Ryan,et al. Synthesising verified access control systems through model checking , 2008, J. Comput. Secur..