A Formal Security Model for Collaboration in Multi-agency Networks

Salem Aljareh, Nick Rossiter, Michael Heather

Abstract

Security problems in collaborative work between multiple agencies are less well understood than those in the business and defence worlds. We develop a perspective for policies and models that is task-based on a need-to-know basis. These policies are represented by two protocols, the first CTCP (Collaboration Task-based Creation Protocol) dealing with negotiation, decision and agreement between the parties involved and the second CTRP (Collaboration Task-based Run-time Protocol) responsible for the operation of the policy. The two protocols and the relationship between them are defined in Petri-Nets. The overall model is formally defined using a categorical pullback construction. Each of the protocols, represented as Petri-Nets for state-transition purposes, is a category-valued functor in the pullback.

References

  1. Aljareh, S., & Rossiter N., 2001, Toward security in multi-agency clinical information services, Proceedings Workshop on Dependability in Healthcare Informatics, Edinburgh, 22nd-23rd March 2001, 33-41.
  2. Aljareh, S., & Rossiter, N., 2002, A Task-based Security Model to facilitate Collaboration in Trusted Multi-agency Networks, ACM Symposium on Applied Computing (SAC) 2002, Madrid, 744-749.
  3. Anderson, R., 1996, A Security Policy Model for clinical Information Systems, Proc. IEEE Symposium on Research in Security and Privacy, 30-43.
  4. Asperti, A., Ferrari, G. L., & Gorrieri, R., 1990, Implicative formulae in the Proofs as Computations' analogy, Proc 17th ACM SIGPLAN-SIGACT Symp Principles Programming Languages, 59-71.
  5. Chu-Carroll, J., and Carberry, S., 2000, Conflict Resolution in Collaborative Planning Dialogues, International Journal of Human-Computer Studies, 53(6) 969-1015.
  6. Crazzolara, F., & G. Winskel, G., 2001, Petri-Nets in cryptographic protocols, Proc. 6th Inl Workshop Formal methods Parallel Programming: Theory and Practice.
  7. Fischer-Hübner, S., & Ott, A., 1998, From a Formal Privacy Model to its Implementation, Proc. 21st National Information Systems Security Conference, Arlington, VA.
  8. Furuta, R, & Stotts, P D, 1994, Interpreted collaboration protocols and their use in GroupWise prototyping, Proc 1994 ACM Conf Computer supported cooperative work, Chapel Hill, North Carolina, United States, 121 - 131.
  9. Gollmann, D., 1999, Computer Security. ISBN: 0 471 97844 2, John Wiley and Sons.
  10. Jensen, K., 1996, Colored Petri-Nets - Basic concepts, analysis methods and practical use, Springer, second edition 1.
  11. Joshi, J., & Ghafoor, A., 2000, A Petri-Net Based Multilevel Security Specification Model for Multimedia Documents, ICME2000, IEEE International Conference on Multimedia and Expo, MP10.12 533, Purdue University, USA.
  12. Mac Lane, S, 1998, Categories for the Working Mathematician, 2nd ed, Springer-Verlag.
  13. Mahling, D.E., Coury, B. G., & Croft, W. B., 1990, User Models in Cooperative Task-oriented environment. Proc. 23rd Annual Hawaii IEEE International Conference on System Science, 94-99.
  14. Rasmussen, J. L., & Singh, M., 1996, Designing a Security System by Means of Coloured Petri-Nets. Proc. 17th International Conference in Application and Theory of Petri-Nets (ICATPN'96), Osaka, Japan, Lecture Notes in Computer Science, 1091 400-419.
  15. Reisig, W., 1985, Petri-Nets: an Introduction. Berlin; New York: Springer-Verlag.
  16. Reisig, W., & Rozenberg G., 1998, Lectures on Petri-Nets: Advances in Petri-Nets. Lecture Notes in Computer Science, no. 1491.
  17. Rossiter, N., Nelson, D. A., & Heather, M. A., 2003, Formalizing Types with Ultimate Closure for Middleware Tools in Information Systems Engineering, 5th International Conference on Enterprise Information Systems (ICEIS), Angers, France 366-373.
  18. Ryan, P, 2003, Theoretical Challenges Raised by Information Security, Workshop on Issues in Security and Petri-Nets (WISP), ICATPN.
  19. Steinke, G., 1997, A Task-based Approach to Implementing Computer Security, Journal of Computer Information Systems, 47-54.
  20. Thomas, R. K., & Sandhu, R. S., 1994, Conceptual Foundation for a Model of Task-Based Authorization, Proc. 7th IEEE Computer Security Foundations Workshop, 66-79.
  21. Thomas, R. K., & Sandhu, R. S., 1997, Task-based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-oriented Authorization Management. Proc. IFIP WG11.3 Workshop on Database Security, Lake Tahoe, California.
  22. Van der Aalst, W. M. P., & Basten, D., 2001, Identifying Commonalities and differences in Object Life Cycles using Behavioral Inheritance, Application and Theory of Petri-Nets 2001, 22nd International Conference ICATPN, Newcastle, 32-52.
Download


Paper Citation


in Harvard Style

Aljareh S., Rossiter N. and Heather M. (2004). A Formal Security Model for Collaboration in Multi-agency Networks . In Proceedings of the 1st International Workshop on Computer Supported Activity Coordination - CSAC, (ICEIS 2004) ISBN 972-8865-08-2, pages 253-260. DOI: 10.5220/0002681402530260


in Bibtex Style

@conference{csac04,
author={Salem Aljareh and Nick Rossiter and Michael Heather},
title={A Formal Security Model for Collaboration in Multi-agency Networks},
booktitle={Proceedings of the 1st International Workshop on Computer Supported Activity Coordination - CSAC, (ICEIS 2004)},
year={2004},
pages={253-260},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002681402530260},
isbn={972-8865-08-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 1st International Workshop on Computer Supported Activity Coordination - CSAC, (ICEIS 2004)
TI - A Formal Security Model for Collaboration in Multi-agency Networks
SN - 972-8865-08-2
AU - Aljareh S.
AU - Rossiter N.
AU - Heather M.
PY - 2004
SP - 253
EP - 260
DO - 10.5220/0002681402530260