Collaborative Computing: Networking, Applications and Worksharing. 13th International Conference, CollaborateCom 2017, Edinburgh, UK, December 11–13, 2017, Proceedings

Research Article

Formal Verification of Authorization Policies for Enterprise Social Networks Using

  • @INPROCEEDINGS{10.1007/978-3-030-00916-8_49,
        author={Sabina Akhtar and Ehtesham Zahoor and Olivier Perrin},
        title={Formal Verification of Authorization Policies for Enterprise Social Networks Using },
        proceedings={Collaborative Computing: Networking, Applications and Worksharing. 13th International Conference, CollaborateCom 2017, Edinburgh, UK, December 11--13, 2017, Proceedings},
        proceedings_a={COLLABORATECOM},
        year={2018},
        month={10},
        keywords={Enterprise social network, Formal verification, Model checking, TLA},
        doi={10.1007/978-3-030-00916-8_49}
    }
    
  • Sabina Akhtar
    Ehtesham Zahoor
    Olivier Perrin
    Year: 2018
    Formal Verification of Authorization Policies for Enterprise Social Networks Using
    COLLABORATECOM
    Springer
    DOI: 10.1007/978-3-030-00916-8_49
Sabina Akhtar1,*, Ehtesham Zahoor2,*, Olivier Perrin3,*
  • 1: Bahria University
  • 2: National University of Computer and Emerging Sciences
  • 3: Université de Lorraine, LORIA
*Contact email: sabina.buic@bahria.edu.pk, ehtesham.zahoor@nu.edu.pk, olivier.perrin@loria.fr

Abstract

Information security has been a highly active and widely studied research direction. In the domain of Enterprise Social Networks (ESNs), the security challenges are amplified, as ESNs aim to incorporate social technologies in an enterprise setup and thus must assert greater control over information security. Further, the security challenges may not be limited to the boundaries of a single enterprise and need to be addressed for a federated environment where users from different ESNs can collaborate. In this paper, we address the problem of federated authorization for ESNs and present an approach for combining user-level policies with enterprise policies. We present a formal verification technique for ESNs and show how it can be used to identify conflicts in the policies. It allows us to bridge the gap between user-centric and enterprise-centric approaches, as required by the domain of ESNs. We apply our specification of ESNs to a scenario and discuss the model checking results.