Formal Verification of Authorization Policies for Enterprise Social Networks Using PlusCal-2

Information security is a highly active and widely studied research area. In the domain of Enterprise Social Networks (ESNs), the security challenges are amplified because ESNs aim to incorporate social technologies into an enterprise setting and thus assert greater control over information security. Further, these challenges may not be limited to the boundaries of a single enterprise and need to be addressed for a federated environment where users from different ESNs can collaborate. In this paper, we address the problem of federated authorization for ESNs and present an approach for combining user-level policies with enterprise policies. We present a formal verification technique for ESNs and show how it can be used to identify conflicts in the policies. It allows us to bridge the gap between user-centric and enterprise-centric approaches, as required by the ESN domain. We apply our specification of ESNs to a scenario and discuss the model checking results.
