Research Article
Formal Verification of Authorization Policies for Enterprise Social Networks Using
@INPROCEEDINGS{10.1007/978-3-030-00916-8_49, author={Sabina Akhtar and Ehtesham Zahoor and Olivier Perrin}, title={Formal Verification of Authorization Policies for Enterprise Social Networks Using }, proceedings={Collaborative Computing: Networking, Applications and Worksharing. 13th International Conference, CollaborateCom 2017, Edinburgh, UK, December 11--13, 2017, Proceedings}, proceedings_a={COLLABORATECOM}, year={2018}, month={10}, keywords={Enterprise social network Formal verification Model checking TLA }, doi={10.1007/978-3-030-00916-8_49} }- Sabina Akhtar
Ehtesham Zahoor
Olivier Perrin
Year: 2018
Formal Verification of Authorization Policies for Enterprise Social Networks Using
COLLABORATECOM
Springer
DOI: 10.1007/978-3-030-00916-8_49
Abstract
Information security research has been a highly active and widely studied research direction. In the domain of Enterprise Social Networks (ESNs), the security challenges are amplified as they aim to incorporate the social technologies in an enterprise setup and thus asserting greater control on information security. Further, the security challenges may not be limited to the boundaries of a single enterprise and need to be catered for a federated environment where users from different ESNs can collaborate. In this paper, we address the problem of federated authorization for the ESNs and present an approach for combining user level policies with the enterprise policies. We present the formal verification technique for ESNs and how it can be used to identify the conflicts in the policies. It allows us to bridge the gap between user-centric or enterprise-centric approaches as required by the domain of ESN. We apply our specification of ESNs on a scenario and discuss the model checking results.
