Specification and Verification Using Alloy of Optimistic Access Control for Distributed Collaborative Editors

Distributed Collaborative Editors are interactive systems in which several dispersed users concurrently edit shared documents. Generally, these systems rely on data replication and use a safe coordination protocol that ensures data consistency even though the users' updates are executed in different orders on the different copies. Controlling access in such systems is a challenging problem, as they need dynamic access changes and low-latency access to shared documents. In [1], a flexible access control protocol is proposed; it is based on replicating the shared document and its authorization policy in the local memory of each user. To deal with latency and dynamic access changes, an optimistic access control technique is used in which the enforcement of authorizations is retroactive. However, verifying whether the combination of the access control and coordination protocols preserves data consistency is a hard task, since it requires examining a large number of situations. In this paper, we specify this access control protocol in first-order relational logic with Alloy, and we verify that it preserves the correctness of the system on which it is deployed, in the sense that the access control policy is enforced identically at all participating user sites and, accordingly, data consistency remains maintained.
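As an added illustration (not the paper's own Alloy model, which this page does not reproduce), the hypothetical sketch below poses the convergence question the abstract describes: each site replicates the authorization policy as a log of operations received in its own delivery order, and Alloy is asked whether two sites that received the same operations enforce the same policy. It assumes a simplified policy with only grant and revoke operations on (user, document) pairs, and contrasts an order-sensitive interpretation with an order-insensitive one.

```alloy
open util/integer

sig User, Document {}

// Hypothetical policy operations: a grant or a revoke for one (user, document) pair.
abstract sig Op { user: one User, doc: one Document }
sig Grant, Revoke extends Op {}

// Each site keeps the policy operations it has received, in delivery order.
sig Site { log: seq Op }

// Positions in a site's log that carry an operation on the pair (u, d).
fun opsFor[s: Site, u: User, d: Document]: set Int {
  { i: s.log.inds | s.log[i].user = u and s.log[i].doc = d }
}

// Order-sensitive interpretation: the most recently delivered operation wins.
fun lastWinsAllowed[s: Site]: User -> Document {
  { u: User, d: Document |
    some opsFor[s, u, d] and s.log[max[opsFor[s, u, d]]] in Grant }
}

// Order-insensitive interpretation: a revoke dominates any grant for the pair.
fun revokeDominatesAllowed[s: Site]: User -> Document {
  { u: User, d: Document |
    some (s.log.elems & Grant & user.u & doc.d) and
    no (s.log.elems & Revoke & user.u & doc.d) }
}

// Convergence: two sites that received the same set of operations, possibly
// in different orders, must enforce the same effective policy.
assert lastWinsConverges {
  all s1, s2: Site | s1.log.elems = s2.log.elems implies
    lastWinsAllowed[s1] = lastWinsAllowed[s2]
}
assert revokeDominatesConverges {
  all s1, s2: Site | s1.log.elems = s2.log.elems implies
    revokeDominatesAllowed[s1] = revokeDominatesAllowed[s2]
}

// Expected: a counterexample (Grant then Revoke at one site, Revoke then Grant
// at the other) shows that the order-sensitive policy diverges.
check lastWinsConverges for 4 but 2 Site, 4 seq
// Expected: no counterexample within this scope for the order-insensitive policy.
check revokeDominatesConverges for 4 but 2 Site, 4 seq
```

The first check exhibits the kind of divergence that the retroactive enforcement in the protocol above is meant to rule out; the second shows the shape of a convergence assertion that the analyzer can discharge within a bounded scope.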

[1] Elisa Bertino, et al. Access-control language for multidomain environments, 2004, IEEE Internet Computing.

[2] Sushil Jajodia, et al. Maintaining Replicated Authorizations in Distributed Database Systems, 1996, Data Knowl. Eng.

[3] Daniel Jackson, et al. Software Abstractions - Logic, Language, and Analysis, 2006.

[4] Dean Povey. Optimistic security: a new access control paradigm, 1999, NSPW '99.

[5] Yanchun Zhang, et al. Achieving convergence, causality preservation, and intention preservation in real-time cooperative editing systems, 1998, TCHI.

[6] Clarence A. Ellis, et al. Concurrency control in groupware systems, 1989, SIGMOD '89.

[7] Ajitha Rajan, et al. Requirements Coverage as an Adequacy Measure for Conformance Testing, 2008, ICFEM.

[8] Daniel Le Berre, et al. The Sat4j library, release 2.2, 2010, J. Satisf. Boolean Model. Comput.

[9] Gerard J. Holzmann, et al. The SPIN Model Checker - primer and reference manual, 2003.

[10] Seng-Phil Hong, et al. Access control in collaborative systems, 2005, CSUR.

[11] Benoît Fraikin, et al. Comparison of Model Checking Tools for Information Systems, 2010, ICFEM.

[12] Ravi S. Sandhu, et al. Role-Based Access Control Models, 1996, Computer.

[13] Gail-Joon Ahn, et al. Enabling verification and conformance testing for access control model, 2008, SACMAT '08.

[14] Wentong Cai, et al. Transparent adaptation of single-user applications for multi-user real-time collaboration, 2006, TCHI.

[15] Emil C. Lupu, et al. Verification of Policy-Based Self-Managed Cell Interactions Using Alloy, 2009, 2009 IEEE International Symposium on Policies for Distributed Systems and Networks.

[16] James B. D. Joshi, et al. An RBAC framework for time constrained secure interoperation in multi-domain environments, 2005, 10th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems.

[17] Indrakshi Ray, et al. A lattice-based approach for updating access control policies in real-time, 2007, Inf. Syst.

[18] Michaël Rusinowitch, et al. A Flexible Access Control Model for Distributed Collaborative Editors, 2009, Secure Data Management.

[19] Hannah K. Lee, et al. Lightweight decentralized authorization model for inter-domain collaborations, 2007, SWS '07.

[20] Fausto Giunchiglia, et al. NUSMV: a new symbolic model checker, 2000, International Journal on Software Tools for Technology Transfer.

[21] Jim Woodcock, et al. Using Z - specification, refinement, and proof, 1996, Prentice Hall International Series in Computer Science.

[22] Sunil Kumar, et al. Formal Verification of OAuth 2.0 Using Alloy Framework, 2011, 2011 International Conference on Communication Systems and Network Technologies.

[23] Manachai Toahchoodee, et al. Ensuring spatio-temporal access control for real-world applications, 2009, SACMAT '09.