ASLan++ — A Formal Security Specification Language for Distributed Systems

    Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

    Abstract

    This paper introduces ASLan++, the AVANTSSAR Specification Language. ASLan++ has been designed for formally specifying dynamically composed security-sensitive web services and service-oriented architectures, their associated security policies, as well as their security properties, at both communication and application level. We introduce the main concepts of ASLan++ at a small but very instructive running example, abstracted form a company intranet scenario, that features non-linear and inter-dependent workflows, communication security at different abstraction levels including an explicit credentialsbased authentication mechanism, dynamic access control policies, and the related security goals. This demonstrates the flexibility and expressiveness of the language, and that the resulting models are logically adequate, while on the other hand they are clear to read and feasible to construct for system designers who are not experts in formal methods.
    Original languageEnglish
    Title of host publicationFormal Methods for Components and Objects : 9th International Symposium, FMCO 2010 Graz, Austria, November 29 - December 1, 2010 Revised Papers
    PublisherSpringer
    Publication date2010
    Pages1-22
    ISBN (Print)978-3-642-25270-9
    ISBN (Electronic)978-3-642-25271-6
    DOIs
    Publication statusPublished - 2010
    Event9th International Symposium on Formal Methods for Components and Objects - Graz, Austria
    Duration: 29 Nov 20101 Dec 2010
    Conference number: 9

    Conference

    Conference9th International Symposium on Formal Methods for Components and Objects
    Number9
    Country/TerritoryAustria
    CityGraz
    Period29/11/201001/12/2010
    SeriesLecture Notes in Computer Science
    Number6957
    ISSN0302-9743

    Fingerprint

    Dive into the research topics of 'ASLan++ — A Formal Security Specification Language for Distributed Systems'. Together they form a unique fingerprint.

    Cite this