CSCE 813 Internet Security Fall 2012

Learn about the importance of workflow verification in internet security, including detecting conflicts, anomalies, and ensuring correctness and security. Explore the use of formal methods and tools for automated analysis.

lizag

Presentation Transcript


  1. CSCE 813 Internet Security Fall 2012

  2. Next Class • XSS attack • Today: • Project Draft • Workflow verification Internet Security - Farkas

  3. Business Process • Increased complexity • Workflow specification • Workflow correctness • Workflow security • Automated analysis

  4. Workflow Verification • Detect conflicts and anomalies • Lack of formal methods and tools

  5. What to represent? • Activity-based workflow model • Design-time analysis • Implementation-time verification • Reading: propositional logic • Activities • Basic workflow constructs • Activity “leads” to other activity

  6. Workflow [diagram labels: a2, a1, +, a4]

  7. WS-BPEL • Language to specify business processes that are composed of Web services as well as exposed as Web services • WS-BPEL specifications are portable -- can be carried out by every WS-BPEL compliant execution environment

  8. Two-Level Programming Model • Programming in the large • Non-programmers implementing processes • Flow logic • Programming in the small • Programmers implementing low-level services • Function logic

  9. WS-BPEL Flow Oriented Request Invoke Response SOA and WS-BPEL

  10. Security and Workflow • Identity Management • Authorization: e.g., data access controls • Process constraints • Provenance

  11. Issues • Need to distinguish between functionality & security guarantees • How to handle trust management? • Workflows are process or data centric • How to map to user-centric system security policies? • Planning and enactment are complex/rich processes • How to establish security assurance of a complex mechanism?

  12. Next Class • XSS and CSRF
