Simone Frau scite author profile

International audienceThe AVANTSSAR Platform is an integrated toolset for the formal specification and automated validation of trust and security of service-oriented architectures and other applications in the Internet of Services. The platform supports application-level specification languages (such as BPMN and our custom languages) and features three validation backends (CL-AtSe, OFMC, and SATMC), which provide a range of complementary automated reasoning techniques (including service orchestration, compositional reasoning, model checking, and abstract interpretation). We have applied the platform to a large number of industrial case studies, collected into the AVANTSSAR Library of validated problem cases. In doing so, we unveiled a number of problems and vulnerabilities in deployed services. These include, most notably, a serious flaw in the SAML-based Single Sign-On for Google Apps (now corrected by Google as a result of our findings). We also report on the migration of the platform to industry

show abstract

Petri Net Security Checker: Structural Non-interference at Work

Frau

Gorrieri

Ferigato

2009

View full text Add to dashboard Cite

show abstract

Integrated Specification and Verification of Security Protocols and Policies

Frau

Torabi-Dashti

2011

View full text Add to dashboard Cite

We propose a language for formal specification of serviceoriented architectures. The language supports the integrated specification of communication level events, policy level decisions, and the interaction between the two. We show that the reachability problem is decidable for a fragment of service-oriented architectures. The decidable fragment is well suited for specifying, and reasoning about, securitysensitive architectures. In the decidable fragment, the attacker controls the communication media. The policies of services are centered around the trust application and trust delegation rules, and can also express rbac systems with role hierarchy. The fragment is of immediate practical relevance: we have specified and verified a number of security-sensitive architectures stemming from the e-government domain.

show abstract

Analysis of Communicating Authorization Policies

Frau

Dashti

2013

View full text Add to dashboard Cite

Abstract. We present a formal language for specifying distributed authorization policies that communicate through insecure asynchronous media. The language allows us to write declarative authorization policies; the interface between policy decisions and communication events can be specified using guards and policy updates. The attacker, who controls the communication media, is modeled as a message deduction engine. We give trace semantics to communicating authorization policies, and formulate a generic reachability problem. We show that the reachability problem is decidable for a large class of practically-relevant policies specified in our formal language.

show abstract

Integrated Specification and Verification of Security Protocols and Policies

Frau¹,

Dashti²

2010

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Simone Frau

The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures

Petri Net Security Checker: Structural Non-interference at Work

Integrated Specification and Verification of Security Protocols and Policies

Analysis of Communicating Authorization Policies

Integrated Specification and Verification of Security Protocols and Policies

Contact Info

Product

Resources

About