Benjamin Aziz

Learn More
We present a refined model for Role Based Access Control policies and define a risk measure for the model, which expresses elements of the operational, combinatorial and conflict of interest risks present in a particular policy instance. The model includes risk-reducing mechanisms corresponding to practical mechanisms like firewalls, stack checking,(More)
Grid computing allows one to access, utilise and manage heterogeneous resources in virtual organisations across multiple domains and institutions. The formation and operation of virtual organisations involve establishing trust among their members and reputation is one measure by which such trust can be quantified and reasoned about. This paper presents a(More)
An ad hoc mobile network (MANET), is a collection of wireless mobile hosts that form a temporary network without the aid of any centralized administration or support. In such a network, each mobile node operates not only as a host but also as a router, forwarding packets for other mobile nodes in the network that may be multiple hops away from each other.(More)
In this paper, we design a non-uniform static analysis for formally verifying a protocol used in large-scale Grid systems for achieving delegations from users to critical system services. The analysis reveals a few shortcomings in the protocol, such as the lack of token integrity and the possibility of repudiating a delegation session. It also reveals the(More)
We present in this paper, semi-π, an extension of the π-calculus that allows processes to query quantitative values of different actions and decide based on those values, whether an action is feasible or not. Our measure of quantity is based on the general notion of semirings. Furthermore, we develop a syntax-directed static analysis for the new language,(More)
We propose a syntactic extension of Event-B incorporating a limited notion of obligation described by triggers. The trigger of an event is the dual of the guard: when a guard is not true, an event must not occur, whereas when a trigger is true, the event must occur. The obligation imposed by a trigger is interpreted as a constraint on when the other events(More)
In goal-oriented requirements engineering methodologies, goals are structured into refinement trees from high-level system-wide goals down to fine-grained requirements assigned to specific software/hardware/human agents that can realise them. Functional goals assigned to software agents need to be operationalised into specification of services that the(More)
In this paper, we discuss the use of formal requirements-engineering techniques in capturing security requirements for a Grid-based operating system. We use KAOS goal model to represent two security goals for Grid systems, namely authorisation and single-sign on authentication. We apply goal-refinement to derive security requirements for these two security(More)
In collaborative systems, a set of organisations shares their computing resources, such as compute cycles, storage space, or on-line services, in order to establish Virtual Organisations aimed at achieving common tasks. The formation and operation of Virtual Organisations involve establishing trust among their members and reputation is one measure by which(More)
We propose a language for expressing fine-grained security policies for controlling orchestrated business processes modelled as a BPEL workflow. Our policies are expressed as a process algebra that permits a BPEL activity, denies it or force-terminates it. The outcome is evaluates with compensation contexts. Finally, we give an example of these policies in(More)