ASLan++ — A Formal Security Specification Language for Distributed Systems

    Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

    Abstract

    This paper introduces ASLan++, the AVANTSSAR Specification Language. ASLan++ has been designed for formally specifying dynamically composed security-sensitive web services and service-oriented architectures, their associated security policies, as well as their security properties, at both communication and application level. We introduce the main concepts of ASLan++ using a small but very instructive running example, abstracted from a company intranet scenario, that features non-linear and inter-dependent workflows, communication security at different abstraction levels including an explicit credentials-based authentication mechanism, dynamic access control policies, and the related security goals. This demonstrates the flexibility and expressiveness of the language, and that the resulting models are logically adequate, while on the other hand they are clear to read and feasible to construct for system designers who are not experts in formal methods.
    Original language: English
    Title of host publication: Formal Methods for Components and Objects: 9th International Symposium, FMCO 2010 Graz, Austria, November 29 - December 1, 2010 Revised Papers
    Publisher: Springer
    Publication date: 2010
    Pages: 1-22
    ISBN (Print): 978-3-642-25270-9
    ISBN (Electronic): 978-3-642-25271-6
    DOIs: https://doi.org/10.1007/978-3-642-25271-6
    Publication status: Published - 2010
    Event: International Symposium on Formal Methods for Components and Objects - Graz, Austria
    Duration: 1 Jan 2010 → …
    Conference number: 9

    Conference

    Conference: International Symposium on Formal Methods for Components and Objects
    Number: 9
    City: Graz, Austria
    Period: 01/01/2010 → …
    Series: Lecture Notes in Computer Science
    Number: 6957
    ISSN: 0302-9743

    Cite this

    Von Oheimb, D., & Mödersheim, S. A. (2010). ASLan++ — A Formal Security Specification Language for Distributed Systems. In Formal Methods for Components and Objects: 9th International Symposium, FMCO 2010 Graz, Austria, November 29 - December 1, 2010 Revised Papers (pp. 1-22). Springer. Lecture Notes in Computer Science, No. 6957. https://doi.org/10.1007/978-3-642-25271-6