A novel logic-based automatic approach to constructing compliant security policies

被引：2

作者：

Bao YiBao ^{[1
,2
,4
]}

Yin LiHua ^{[1
]}

Fang BinXing ^{[1
,3
]}

Guo Li ^{[1
]}

机构：

[1] Chinese Acad Sci, Inst Comp Technol, Beijing 100190, Peoples R China

[2] Informat Engn Univ, Inst Elect Technol, Zhengzhou 450004, Peoples R China

[3] Beijing Univ Posts & Telecommun, Beijing 100190, Peoples R China

[4] Chinese Acad Sci, Grad Univ, Beijing 100049, Peoples R China

来源：

SCIENCE CHINA-INFORMATION SCIENCES | 2012年 / 55卷 / 01期

基金：

中国国家自然科学基金; 国家高技术研究发展计划(863计划);

关键词：

security policy; rewriting; logic program; compliance; VERIFICATION; LANGUAGE; SYSTEMS;

D O I：

10.1007/s11432-011-4426-1

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

It is significant to automatically detect and resolve the incompliance in security policy. Most existing works in this field focus on compliance verification, and few of them provide approaches to automatically correct the incompliant security policies. This paper proposes a novel approach to automatically transform a given security policy into a compliant one. Given security policy Pi and delegation policy M declared by logic programs, the approach automatically rewrites Pi into a new one Pi(M) which is compliant with M and is readable by the humans. We prove that the algorithm is sound and complete under noninterference assumption. Formally, we show that the security policy query evaluation algorithm with conflict and unsettlement resolution still works very well on Pi(M). The approach is automatic, so it doesn't require a administrator with excess abilities. In this sense, our proposal can help us to save much manpower resource in security management and improves the security assurance abilities.

引用

页码：149 / 164

页数：16

共 50 条

[1] A novel logic-based automatic approach to constructing compliant security policies
BAO YiBao1
2Institute of Electronic Technology
3Beijing University of Posts and Telecommunications
4Graduate University
ScienceChina(InformationSciences), 2012, 55 (01) : 149 - 164
[2] A novel logic-based automatic approach to constructing compliant security policies
YiBao Bao
LiHua Yin
BinXing Fang
Li Guo
Science China Information Sciences, 2012, 55 : 149 - 164
[3] A Logic-based Approach to Network Security Risk Assessment
Ji, Yi
Wen, Danyan
Wang, Haiquan
Xia, Chunhe
2009 ISECS INTERNATIONAL COLLOQUIUM ON COMPUTING, COMMUNICATION, CONTROL, AND MANAGEMENT, VOL III, 2009, : 9 - +
[4] A novel logic-based approach for quantitative toxicology prediction
Amini, Ata
Muggleton, Stephen H.
Lodhi, Huma
Sternberg, Michael J. E.
JOURNAL OF CHEMICAL INFORMATION AND MODELING, 2007, 47 (03) : 998 - 1006
[5] A Novel Approach to Automatic Security Protocol Analysis Based on Authentication Event Logic
Xiao Meihua
Ma Chenglin
Deng Chunyan
Zhu Ke
CHINESE JOURNAL OF ELECTRONICS, 2015, 24 (01) : 187 - 192
[6] A Novel Approach to Automatic Security Protocol Analysis Based on Authentication Event Logic
XIAO Meihua
MA Chenglin
DENG Chunyan
ZHU Ke
Chinese Journal of Electronics, 2015, 24 (01) : 187 - 192
[7] Constructing Meaningful Explanations: Logic-based Approaches
State, Laura
PROCEEDINGS OF THE 2022 AAAI/ACM CONFERENCE ON AI, ETHICS, AND SOCIETY, AIES 2022, 2022, : 916 - 916
[8] Binder, a logic-based security language
DeTreville, J
2002 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, PROCEEDINGS, 2002, : 105 - 113
[9] FOOD SECURITY RISK LEVEL ASSESSMENT: A FUZZY LOGIC-BASED APPROACH
Kadir, Muhd Khairulzaman Abdul
Hines, Evor L.
Qaddoum, Kefaya
Collier, Rosemary
Dowler, Elizabeth
Grant, Wyn
Leeson, Mark
Iliescu, Daciana
Subramanian, Arjunan
Richards, Keith
Merali, Yasmin
Napier, Richard
APPLIED ARTIFICIAL INTELLIGENCE, 2013, 27 (01) : 50 - 61
[10] Logic-based detection of conflicts in APPEL policies
Montangero, Carlo
Reiff-Marganiec, Stephan
Semini, Laura
INTERNATIONAL SYMPOSIUM ON FUNDAMENTALS OF SOFTWARE ENGINEERING, PROCEEDINGS, 2007, 4767 : 257 - +

← 1 2 3 4 5 →