FORMAL SPECIFICATION OF SECURITY REQUIREMENTS USING THE THEORY OF NORMATIVE POSITIONS

We use a number of the examples presented in [Ting 1990] to illustrate how the formal theory of normative positions may serve as a tool for clarifying, and making precise, the specification of security requirements, particularly in regard to access control. We describe the basic features of the theory of nonnative positions (which has its roots in the analytical theory of law), and of the modal logics (deontic and action logics) involved in its formulation. We then indicate three levels of software we have under development, which aim to turn the analytical procedures into a practical tool. Our concluding remarks relate our discussion of Ting's examples to some particular issues in the formal specification of computer systems.