Policy-based design of secure distributed collaboration systems

CSCW (Computer Supported Cooperative Work) systems range from traditional office-automation workflow and interactive groupware to Internet-wide virtual organizations. Contemporary CSCW systems may need to span different organizations and security domains. In these environments, no single site or user can be trusted to enforce all the policies of a distributed CSCW system. Moreover, users' coordination and security requirements in such systems need to adapt to changes in administrative policies and user experiences. This dissertation presents a framework for constructing secure distributed CSCW systems from high-level specifications that contain security and coordination policies. The research presented in this thesis contributes in three areas: (1) a role-based specification model for coordination and security policies, including administrative security policies, in distributed CSCW systems; (2) a verification methodology based on model checking that ensures a specification satisfies security requirements related to availability, confidentiality, integrity, and access leakage; and (3) a design for a policy-driven middleware that constructs the secure runtime environment of a distributed CSCW system from its specification. The role-based collaboration specification model developed here separates the security and coordination concerns from the implementation of shared applications and resources. This specification model can express a wide range of coordination and security requirements, such as role admission constraints, intra- and inter-role coordination, hierarchical structuring of activities, various forms of “separation of duties”, confidentiality, context-sensitive access control policies, and meta-level administrative security policies. Finite-state model checking, using the model checker SPIN, is utilized for verification of the security requirements.
The challenges in managing the complexity of finite-state verification for collaboration policies are addressed, and a verification methodology based on aspect-specific verification models is developed. The policy-driven middleware that we have developed as a proof of concept automates the realization of a distributed CSCW system from its specification, integrating shared applications and resources. This dissertation addresses challenges in designing the policy-driven middleware, such as selection of secure sites for policy enforcement, policy module derivation and distribution, a secure event service, and session management. We have evaluated our approach by building several experimental collaborative applications with various coordination and security policies.
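To make the verification step concrete, the following added example (not code from the dissertation or its middleware) does an exhaustive finite-state search, the kind of search SPIN performs over a Promela model, on a constructed two-user, two-role collaboration policy. The weak policy has only role admission and no separation-of-duties constraints; the hardened policy adds a static constraint (a user may not be admitted to the conflicting role) and a dynamic one (the submitter may not approve), and the checker returns a counterexample trace for the weak policy and none for the hardened one. Users, roles, actions, and the safety property are all assumptions made for the example.

```python
from collections import deque

USERS = ("alice", "bob")                     # constructed two-user scenario
ROLES = ("author", "reviewer")
CONFLICT = {"author": "reviewer", "reviewer": "author"}  # conflicting role pair

def successors(state, sod):
    """Yield (action, next_state) for every action enabled in `state`.
    `sod=True` switches on the separation-of-duties checks of the hardened policy."""
    roles, submitter, approver = state
    for i, u in enumerate(USERS):
        for r in ROLES:
            if r in roles[i] or (sod and CONFLICT[r] in roles[i]):
                continue                      # already a member, or admission refused (static SoD)
            new = list(roles)
            new[i] = roles[i] | {r}
            yield f"admit({u},{r})", (tuple(new), submitter, approver)
        if "author" in roles[i] and submitter is None:
            yield f"submit({u})", (roles, u, approver)
        can_approve = "reviewer" in roles[i] and submitter is not None and approver is None
        if can_approve and not (sod and u == submitter):   # dynamic SoD: submitter may not approve
            yield f"approve({u})", (roles, submitter, u)

def violates(state):
    """Safety property: the same user must never both submit and approve the document."""
    _, submitter, approver = state
    return submitter is not None and submitter == approver

def check(sod):
    """Breadth-first exploration of the whole reachable state space.
    Returns the shortest action trace reaching a violating state, or None if the
    property holds in every reachable state."""
    init = ((frozenset(), frozenset()), None, None)
    seen, queue = {init}, deque([(init, [])])
    while queue:
        state, trace = queue.popleft()
        if violates(state):
            return trace
        for action, nxt in successors(state, sod):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [action]))
    return None

if __name__ == "__main__":
    print("weak policy    :", check(sod=False))   # counterexample trace
    print("hardened policy:", check(sod=True))    # None: property verified
```

The returned trace plays the role of SPIN's counterexample: it names the exact sequence of admissions and operations that lets one user both submit and approve.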