Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSCE 813 Internet Security Fall 2012

Published byJane Collins Modified over 5 years ago

Similar presentations

Presentation on theme: "CSCE 813 Internet Security Fall 2012"— Presentation transcript:

1 CSCE 813 Internet Security Fall 2012

2 Internet Security - Farkas
Next Class XSS attack Today: Project Draft Workflow verification Internet Security - Farkas

3 Internet Security - Farkas
Business Process Increased complexity Workflow specification Workflow correctness Workflow security Automated analysis Internet Security - Farkas

4 Workflow Verification
Detect conflicts and anomalies Lack of formal methods and tools Internet Security - Farkas

5 Internet Security - Farkas
What to represent? Activity-based workflow model Design-time analysis Implementation-time verification Reading: propositional logic Activities Basic workflow constructs Activity “leads” to other activity Internet Security - Farkas

6 Internet Security - Farkas
Workflow a2 a1 + a4 Internet Security - Farkas

7 Internet Security - Farkas
WS-BPEL Language to specify business processes that are composed of Web services as well as exposed as Web services WS-BPEL specifications are portable -- can be carried out by every WS-BPEL compliant execution environment Internet Security - Farkas

8 Two-Level Programming Model
Programming in the large Non-programmers implementing processes Flow logic Programming in the small Programmers implementing low-level services Function logic Internet Security - Farkas

9 Internet Security - Farkas
WS-BPEL Flow Oriented Request Invoke Response SOA and WS-BPEL Internet Security - Farkas

10 Internet Security - Farkas
Security and Workflow Identity Management Authorization: e.g., data access controls Process constraints Provenance Internet Security - Farkas

11 Internet Security - Farkas
Issues Need to distinguish between functionality & security guarantees How to handle trust management? Workflows are process or data centric How to map to user-centric system security policies? Planning and enactment are complex/rich processes How to establish security assurance of a complex mechanism? Internet Security - Farkas

12 Internet Security - Farkas
Next Class XSS and CSRF Internet Security - Farkas

Download ppt "CSCE 813 Internet Security Fall 2012"

Similar presentations

IBM Software Group ® Design Thoughts for JDSL 2.0 Version 0.2.

IBM Software Group ® Design Thoughts for JDSL 2.0 Version 0.2.
Software Quality Assurance Plan

Software Quality Assurance Plan
Web Service Composition Prepared by Robert Ma February 5, 2007.

Web Service Composition Prepared by Robert Ma February 5, 2007.
Operating System Security

Operating System Security
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 31 Slide 1 Service-centric Software Engineering 1.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 31 Slide 1 Service-centric Software Engineering 1.
A System to Generate Test Data and Symbolically Execute Programs Lori A. Clarke September 1976.

A System to Generate Test Data and Symbolically Execute Programs Lori A. Clarke September 1976.
Service Oriented Architecture SOA. SOA has been the New New Thing for the last few years in enterprise software As with everything that gains visibility.

Service Oriented Architecture SOA. SOA has been the New New Thing for the last few years in enterprise software As with everything that gains visibility.
Deeper Security Analysis of Web-based Identity Federation Apurva Kumar IBM Research – India.

Deeper Security Analysis of Web-based Identity Federation Apurva Kumar IBM Research – India.
Building New SOA and AJAX- Based Business Applications Mark Barnard R&D Manager – Natural Business Services Software AG (Canada) Inc.

Building New SOA and AJAX- Based Business Applications Mark Barnard R&D Manager – Natural Business Services Software AG (Canada) Inc.
A. Bucchiarone / Pisa/ 30 Jan 2007 Dynamic Software Architectures for Global Computing Antonio Bucchiarone PhD Student – IMT Graduate School Piazza S.

A. Bucchiarone / Pisa/ 30 Jan 2007 Dynamic Software Architectures for Global Computing Antonio Bucchiarone PhD Student – IMT Graduate School Piazza S.
RepoMMan Workflow for Fedora Aberystwyth October 2005 Robert Sherratt Richard Green Funded by the JISC Digital Repositories Programme.

RepoMMan Workflow for Fedora Aberystwyth October 2005 Robert Sherratt Richard Green Funded by the JISC Digital Repositories Programme.
Using Digital Credentials On The World-Wide Web M. Winslett.

Using Digital Credentials On The World-Wide Web M. Winslett.
What is workflow?  A workflow is a structured way of defining and automating structures and procedures within an organization. What is workflow management.

What is workflow?  A workflow is a structured way of defining and automating structures and procedures within an organization. What is workflow management.
Chapter 1: Overview of Workflow Management Dr. Shiyong Lu Department of Computer Science Wayne State University.

Chapter 1: Overview of Workflow Management Dr. Shiyong Lu Department of Computer Science Wayne State University.
International User Group Information Delivery Manuals: General Overview Courtesy:This presentation is based on material provided by AEC3 and AEC Infosystems.

International User Group Information Delivery Manuals: General Overview Courtesy:This presentation is based on material provided by AEC3 and AEC Infosystems.
Securing Legacy Software SoBeNet User group meeting 25/06/2004.

Securing Legacy Software SoBeNet User group meeting 25/06/2004.
Methodology and Tools for End-to-End SOA Configurations By: Fumiko satoh, Yuichi nakamura, Nirmal K. Mukhi, Michiaki Tatsubori, Kouichi ono.

Methodology and Tools for End-to-End SOA Configurations By: Fumiko satoh, Yuichi nakamura, Nirmal K. Mukhi, Michiaki Tatsubori, Kouichi ono.
*Law and Coordination Rodrigo Paes. © LES/PUC-Rio Agenda Integration Coordination BPEL example Birth *Law and Coordination Further Steps.

*Law and Coordination Rodrigo Paes. © LES/PUC-Rio Agenda Integration Coordination BPEL example Birth *Law and Coordination Further Steps.
Katanosh Morovat.   This concept is a formal approach for identifying the rules that encapsulate the structure, constraint, and control of the operation.

Katanosh Morovat.   This concept is a formal approach for identifying the rules that encapsulate the structure, constraint, and control of the operation.
Computer Science and Engineering 1 XML, RDF, Workflow Security.

Computer Science and Engineering 1 XML, RDF, Workflow Security.

Similar presentations

Ads by Google