Formal Modelling of a Usable Identity Management Solution for Virtual Organisations

Authors: Ali Nasrat Haidar, Peter V. Coveney, Ali E. Abdallah, Peter Y. A. Ryan, Bruce Beckles, John M. Brooke, M. A. S. Jones
This paper attempts to accurately model security requirements for computational grid environments with particular focus on authentication. We introduce the Audited Credential Delegation (ACD) architecture as a solution to some of the virtual organisations identity management usability problems. The approach uses two complementary models: one is state based, described in Z notation, and the other is event-based, expressed in the Process Algebra of Hoare's Communicating Sequential Processes (CSP… 

Audited credential delegation: a usable identity management solution for grid environments

Audited Credential Delegation (ACD) is a usable security solution for authentication, authorisation and auditing in distributed environments that supports the use of local credentials.

Audited credential delegation - a user-centric identity management solution for computational grid environments

Audited Credential Delegation (ACD) is presented, a user-centric identity management solution that accommodates users' and resource providers' security requirements, including authentication, authorisation and auditing security goals, from the design level.

Audited credential delegation: a usable security solution for the virtual physiological human toolkit

Audited credential delegation (ACD) is presented, a usable security solution for authentication, authorization and auditing in distributed virtual physiological human (VPH) project environments that removes the use of digital certificates from end-users' experience.

Towards a Formal Model of Privacy-Sensitive Dynamic Coalitions

The first steps to reach a formal framework for modeling and verifying the design of privacy-sensitive dynamic coalition infrastructures and their processes are presented and the usefulness of the Abstract State Machine (ASM) method is illustrated.

Refinement-Based Techniques in the Analysis of Information Flow Policies for Dynamic Virtual Organisations

A refinement-based modelling approach is proposed for the design and analysis of VO policy resilience, using the refinement-based formalism Event-B to model a VO structure, commonly referred to as the Bronze/Silver/Gold structure, that frequently arises in multi-agency response to emergencies.

Privacy-Aware Dynamic Coalitions A Formal Framework

The thesis of this work states that the proposed framework supports the understanding and the development of software for privacy-aware dynamic coalitions throughout the typical software engineering life cycle: requirement capture, detailed design, validation and documentation.

An ASM-based Model for Grid Job Management

The present work focuses on the modeling and implementation of a Distributed Asynchronous ASM (asyncASM), which follows the mathematical definition of ASMs and inherits several typical features of ASM modeling.

Formal and semi-formal verification of a web voting system

The verification process conducted to assess the functional correctness of the voting system developed by CONICET is presented, integrating formal, semi-formal and informal verification activities from formal proof to code inspection and model-based testing.

From campus resources to federated international grids: bridging the gap with the application hosting environment

This paper describes how AHE is deployed to offer access to federated local and grid resources provided by the TeraGrid, UK National Grid Service and EU DEISA grid, and presents two case studies where AHE has been used to facilitate production level scientific simulation across these resources.



Formal Modelling of PKI Based Authentication

A user-friendly approach to computational grid security

This paper describes work underway to provide more user-friendly security mechanisms for computational grid environments with significant usability issues for end-users and/or administrators.

Computer security

  • D. Gollmann
  • Computer Science
    Worldwide series in computer science
  • 1999
This work will put various enforcement mechanisms into context with the policies and the IT architectures they were originally designed for in computer security.

Grid infrastructures for secure access to and use of bioinformatics data: experiences from the BRIDGES project

An advanced data and compute grid infrastructure incorporating the latest grid authorisation technologies was developed and delivered to the scientists; the perceived security requirements at the project start, including data classifications, and how these evolved throughout the lifetime of the project are described.

Refining Industrial Scale Systems in Circus

The largest case study on the Circus refinement strategy is presented, making extensive use of mutual recursion, and a simplified notation for specifying such systems and proving their refinements is proposed.

Communicating sequential processes

This paper suggests that input and output are basic primitives of programming and that parallel composition of communicating sequential processes is a fundamental program structuring method. When

Handbook of Applied Cryptography

From the Publisher: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of

Weaving Authentication and Authorization Requirements into the Functional Model of a System Using Z Promotion

An approach for building systems from generic and modular security components using the promotion technique in Z is shown, and it is possible to specify the core functionalities of a system independently from the security mechanisms.

Using Z - specification, refinement, and proof

The book discusses data Refinement, Relaxing and Unwinding Data Refinement and Z, and the importance of Equality and Definite Description in the application of data refinement.