Abstract
This paper introduces ASLan++, the AVANTSSAR Specification
Language. ASLan++ has been designed for formally specifying dynamically
composed security-sensitive web services and service-oriented
architectures, their associated security policies, as well as their security
properties, at both communication and application level.
We introduce the main concepts of ASLan++ at a small but very instructive
running example, abstracted form a company intranet scenario,
that features non-linear and inter-dependent workflows, communication
security at different abstraction levels including an explicit credentialsbased
authentication mechanism, dynamic access control policies, and
the related security goals. This demonstrates the flexibility and expressiveness
of the language, and that the resulting models are logically adequate,
while on the other hand they are clear to read and feasible to
construct for system designers who are not experts in formal methods.
Original language | English |
---|---|
Title of host publication | Formal Methods for Components and Objects : 9th International Symposium, FMCO 2010 Graz, Austria, November 29 - December 1, 2010 Revised Papers |
Publisher | Springer |
Publication date | 2010 |
Pages | 1-22 |
ISBN (Print) | 978-3-642-25270-9 |
ISBN (Electronic) | 978-3-642-25271-6 |
DOIs | |
Publication status | Published - 2010 |
Event | 9th International Symposium on Formal Methods for Components and Objects - Graz, Austria Duration: 29 Nov 2010 → 1 Dec 2010 Conference number: 9 |
Conference
Conference | 9th International Symposium on Formal Methods for Components and Objects |
---|---|
Number | 9 |
Country/Territory | Austria |
City | Graz |
Period | 29/11/2010 → 01/12/2010 |
Series | Lecture Notes in Computer Science |
---|---|
Number | 6957 |
ISSN | 0302-9743 |