Using Hierarchical Timed Coloured Petri Nets in the formal study of TRBAC security policies

Attia, Hasiba Ben; Kahloul, Laïd; Benhazrallah, Saber; Bourekkache, Samir

doi:10.1007/s10207-019-00448-9

Cited by 13 publications

(6 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Policy analysis mainly deals with policy evaluation and anomaly analysis: checking for errors like incorrect policy specifications, conflicts and sub-optimizations affecting either a single policy or a set of policies [3] being the primary research topic. Works in this area use different techniques to achieve this goal, such as model checking [17], [18], binary decision diagrams [19], graph theory [20], Deterministic Finite State Automata (DFSA) [21], First Order Logic (FOL) [22], geometrical models [23], answer set programming [24], petri nets [25] and metagraphs [15]. Policy evaluation instead deals with checking whether a request is satisfied by a set of policies.…”

Section: Introductionmentioning

confidence: 99%

Verification of Cloud Security Policies

Miller

Mérindol

Gallais³

et al. 2021

2021 IEEE 22nd International Conference on High Performance Switching and Routing (HPSR)

View full text Add to dashboard Cite

Companies like Netflix increasingly use the cloud to deploy their business processes. Those processes often involve partnerships with other companies, and can be modeled as workflows where the owner of the data at risk interacts with contractors to realize a sequence of tasks on the data to be secured.In practice, access control is an essential building block to deploy these secured workflows. This component is generally managed by administrators using high-level policies meant to represent the requirements and restrictions put on the workflow. Handling access control with a high-level scheme comes with the benefit of separating the problem of specification, i.e. defining the desired behavior of the system, from the problem of implementation, i.e. enforcing this desired behavior. However, translating such high-level policies into a deployed implementation can be error-prone.Even though semi-automatic and automatic tools have been proposed to assist this translation, policy verification remains highly challenging in practice. In this paper, our aim is to define and propose structures assisting the checking and correction of potential errors introduced on the ground due to a faulty translation or corrupted deployments. In particular, we investigate structures with formal foundations able to naturally model policies. Metagraphs, a generalized graph theoretic structure, fulfill those requirements: their usage enables to compare high-level policies to their implementation. In practice, we consider Rego, a language used by companies like Netflix and Plex for their release process, as a valuable representative of most common policy languages. We propose a suite of tools transforming and checking policies as metagraphs, and use them in a global framework to show how policy verification can be achieved with such structures. Finally, we evaluate the performance of our verification method.

show abstract

Section: Introductionmentioning

confidence: 99%

Verification of Cloud Security Policies

Miller

Mérindol

Gallais³

et al. 2021

2021 IEEE 22nd International Conference on High Performance Switching and Routing (HPSR)

View full text Add to dashboard Cite

show abstract

“…Policy analysis mainly deals with policy evaluation and anomaly analysis: checking for errors such as incorrect policy specifications, conflicts and sub-optimizations affecting either a single policy or a set of policies [16] being the primary research topic. Works in this area use different techniques to achieve this goal, such as model checking [51,52], binary decision diagrams [53], graph theory [54], Deterministic Finite State Automata (DFSA) [55], First Order Logic (FOL) [56], geometrical models [57], answer set programming [58], petri nets [59] and metagraphs [32].…”

Section: Related Workmentioning

confidence: 99%

Securing Workflows Using Microservices and Metagraphs

et al. 2021

View full text Add to dashboard Cite

Companies such as Netflix increasingly use the cloud to deploy their business processes. Those processes often involve partnerships with other companies, and can be modeled as workflows where the owner of the data at risk interacts with contractors to realize a sequence of tasks on the data to be secured. In this paper, we first show how those workflows can be deployed and enforced while preventing data exposure. Second, this paper provides a global framework to enable the verification of workflow policies. Following the principles of zero-trust, we develop an infrastructure using the isolation provided by a microservice architecture to enforce owner policy. We implement a workflow with our infrastructure in a publicly available proof of concept. This work allows us to verify that the specified policy is correctly enforced by testing the deployment for policy violations, and find the overhead cost of authorization to be reasonable for the benefits. In addition, this paper presents a way to verify policies using a suite of tools transforming and checking policies as metagraphs. It is evident from the results that our verification method is very efficient regarding the size of the policies. Overall, this infrastructure and the mechanisms that verify the policy is correctly enforced, and then correctly implemented, help us deploy workflows in the cloud securely.

show abstract

“…Because the accessibility of the TPZN involves limited time and there are lots of the state classes, some methods to reduce the state classes are necessary. For instance, Bourdil and Berthomieu have proposed some methods to reduce the state classes [28,31]. Based on their work, we use Z frame to abstract the system so to reduce the state number.…”

Section: Theorem 1 If the Global Execution Time Of Every Transition Sequence Of The New Refined Tpzn Model From The Beginning To The End mentioning

confidence: 99%

“…It not only has continuous part time but also has discrete time. Some researchers used time Petri nets to model the requirements and software of system [29][30][31][32][33][34], but it lacked specific rule descriptions and state depictions.…”

Section: Introductionmentioning

confidence: 99%

Formal Verification on the Safety of Internet of Vehicles Based on TPN and Z

Liu

Huang

Chen

2020

Mathematical Problems in Engineering

View full text Add to dashboard Cite

Nowadays, the Internet of Vehicles has become the focus of global technological innovation and transformation in the automotive industry. Its flow modelling appears to play a very important role for designing and controlling the transportation systems, since it is not only necessary for improving safety and transportation efficiency but also can yield a series of society, economy, and ecosystem environment problems. Considering the characteristics of the frame structure includes states and actions and discrete and continuous aspects of traffic flow dynamics, both petri net and Z have proved to be useful tools for modelling the Internet of Vehicles. It can formally describe the vehicle behavior accurately with petri net and more details with Z frame structure. A new integration formal method of time petri net and Z is presented in this paper for modelling the vehicle behaviors and traffic rules through taking into account state dependencies on external rules. Moreover, a case study in the Internet of Vehicles is proposed to deal with the accurate localization of events. It shows that this formal verification methods significantly improves the safety and intelligence of the Internet of Vehicles.

show abstract

Using Hierarchical Timed Coloured Petri Nets in the formal study of TRBAC security policies

Cited by 13 publications

References 30 publications

Verification of Cloud Security Policies

Verification of Cloud Security Policies

Securing Workflows Using Microservices and Metagraphs

Formal Verification on the Safety of Internet of Vehicles Based on TPN and Z

Contact Info

Product

Resources

About