Formal Specification and Validation of Security Policies

被引:0
|
作者
Bourdier, Tony [1 ]
Cirstea, Horatiu [1 ]
Jaume, Mathieu [2 ]
Kirchner, Helene [3 ]
机构
[1] INRIA Nancy Grand Est Res Ctr, Nancy, France
[2] Univ Paris 06, SPI LIP6, F-75252 Paris 05, France
[3] INRIA Bordeaux Sud Ouest Res Ctr, Talence, France
来源
FOUNDATIONS AND PRACTICE OF SECURITY | 2011年 / 6888卷
关键词
ACCESS-CONTROL; LOGIC;
D O I
暂无
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
We propose a formal framework for the specification and validation of security policies. To model a secured system, the evolution of security information in the system is described by transitions triggered by authorization requests and the policy is given by a set of rules describing the way the corresponding decisions are taken. Policy rules are constrained rewrite rules whose constraints are first-order formulas on finite domains, which provides enhanced expressive power compared to classical security policy specification approaches like the ones using Datalog, for example. Our specifications have an operational semantics based on transition and rewriting systems and are thus executable. This framework also provides a common formalism to define, compare and compose security systems and policies. We define transformations over secured systems in order to perform validation of classical security properties.
引用
收藏
页码:148 / +
页数:4
相关论文
共 50 条
  • [1] Formal specification and integration of distributed security policies
    Mejri, Mohamed
    Yahyaoui, Hamdi
    [J]. COMPUTER LANGUAGES SYSTEMS & STRUCTURES, 2017, 49 : 1 - 35
  • [2] Formal specification and management of security policies with collective group obligations
    Cuppens, Frederic
    Cuppens-Boulahia, Nora
    Elrakaiby, Yehia
    [J]. JOURNAL OF COMPUTER SECURITY, 2013, 21 (01) : 149 - 190
  • [3] Agent Coordination Contexts for the formal specification and enactment of coordination and security policies
    Omicini, Andrea
    Ricci, Alessandro
    Viroli, Mirko
    [J]. SCIENCE OF COMPUTER PROGRAMMING, 2006, 63 (01) : 88 - 107
  • [4] A model for specification and validation of security policies in communication networks: the firewall case
    Abassi, Ryma
    El Fatrni, Sihem Guerriara
    [J]. ARES 2008: PROCEEDINGS OF THE THIRD INTERNATIONAL CONFERENCE ON AVAILABILITY, SECURITY AND RELIABILITY, 2008, : 467 - +
  • [5] Validation of a Security Policy by the Test of its Formal B Specification - a Case Study
    Ledru, Yves
    Idani, Akram
    Richier, Jean-Luc
    [J]. 2015 IEEE/ACM 3RD FME WORKSHOP ON FORMAL METHODS IN SOFTWARE ENGINEERING, 2015, : 6 - 12
  • [6] Formal Specification and Verification of Security Guidelines
    Zhioua, Zeineb
    Roudier, Yves
    Ameur, Rabea Boulifa
    [J]. 2017 IEEE 22ND PACIFIC RIM INTERNATIONAL SYMPOSIUM ON DEPENDABLE COMPUTING (PRDC 2017), 2017, : 267 - 273
  • [7] Formal specification techniques as a catalyst in validation
    Aichernig, BK
    Gerstinger, A
    Aster, R
    [J]. FIFTH IEEE INTERNATIONAL SYMPOSIUM ON HIGH ASSURANCE SYSTEMS ENGINEERING, PROCEEDINGS, 2000, : 203 - 206
  • [8] Towards formal specification and generation of autonomic policies
    Sterritt, R
    Hinchey, MG
    Rash, JL
    Truszkowski, W
    Rouff, CA
    Gracanin, D
    [J]. EMBEDDED AND UBIQUITOUS COMPUTING - EUC 2005 WORKSHOPS, PROCEEDINGS, 2005, 3823 : 1245 - 1254
  • [9] The specification and enforcement of advanced security policies
    Ryutov, T
    Neuman, C
    [J]. THIRD INTERNATION WORKSHOP ON POLICIES FOR DISTRIBUTED SYSTEMS AND NETWORKS, PROCEEDINGS, 2002, : 128 - 138
  • [10] Specification and runtime enforcement of security policies
    Jin, Ying
    Zhang, Jing
    Zheng, Xiaojuan
    [J]. 2007 IFIP INTERNATIONAL CONFERENCE ON NETWORK AND PARALLEL COMPUTING WORKSHOPS, PROCEEDINGS, 2007, : 244 - +
12345