Formal Modelling of a Usable Identity Management Solution for Virtual Organisations

TL;DR

This paper models security requirements for virtual organization identity management using formal methods, introducing the ACD architecture with combined state-based and event-based models for improved usability and security verification.

Contribution

It presents the Audited Credential Delegation architecture and employs both Z notation and CSP to formally model and verify its security and functional requirements.

Findings

Formal models clarify security requirements

Verification of system meets intended security goals

Enhances usability of identity management in virtual organizations

Abstract

This paper attempts to accurately model security requirements for computational grid environments with particular focus on authentication. We introduce the Audited Credential Delegation (ACD) architecture as a solution to some of the virtual organisations identity management usability problems. The approach uses two complementary models: one is state based, described in Z notation, and the other is event-based, expressed in the Process Algebra of Hoare's Communicating Sequential Processes (CSP). The former will be used to capture the state of the WS and to model back-end operations on it whereas the latter will be used to model behavior, and in particular, front-end interactions and communications. The modelling helps to clearly and precisely understand functional and security requirements and provide a basis for verifying that the system meets its intended requirements.