2012
DOI: 10.1007/978-3-642-27901-0_12

Formal Specification and Validation of Security Policies

Abstract: We propose a formal framework for the specification and validation of security policies. To model a secured system, the evolution of security information in the system is described by transitions triggered by authorization requests, and the policy is given by a set of rules describing how the corresponding decisions are taken. Policy rules are constrained rewrite rules whose constraints are first-order formulas on finite domains, which provides enhanced expressive power compared to classical secur…
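To make the abstract's modelling idea concrete, here is a small added illustration (written for this page, not the paper's formalism or any code from its authors): security information is a finite set of ground facts, each authorization request selects one policy rule, the rule's constraint is a first-order formula over finite domains (evaluated here by brute-force quantification), and a granted request rewrites the state. "Validation" is done by exhaustively exploring the reachable states and reporting the first trace that breaks an invariant. The domains, the rule set (role assignment with static separation of duty, revocation, pay, approve) and the invariant (nobody both pays and approves the same object) are all constructed assumptions for the example; the "weak" payment rule is deliberately under-constrained so that the explorer finds a counterexample.

```python
"""Toy rewrite-style access-control policy with exhaustive validation.

Added illustration, not the paper's formalism: states are finite sets of
ground facts, requests fire constrained rules that rewrite the state, and
validation = breadth-first search over every reachable state.
"""
from collections import deque

# Constructed finite domains (assumption, chosen for this example).
USERS = ("alice", "bob", "carol")
ROLES = ("payer", "approver")
OBJECTS = ("invoice",)
INITIAL = frozenset()  # nobody holds a role, nothing paid or approved


def has(state, *fact):
    """True if the ground fact, e.g. ("role", "alice", "payer"), holds."""
    return tuple(fact) in state


def forall(domain, pred):
    """Universal quantification over a finite domain."""
    return all(pred(x) for x in domain)


def fire(ok, state, added=(), removed=()):
    """Apply a rule: if its constraint holds, rewrite the state."""
    if not ok:
        return False, state
    return True, (state - frozenset(removed)) | frozenset(added)


# Policy rules: (state, request args) -> (granted, new_state).
def rule_assign(state, user, role):
    # Static separation of duty: a user may hold at most one role.
    ok = forall(ROLES, lambda r: r == role or not has(state, "role", user, r))
    return fire(ok, state, added=[("role", user, role)])


def rule_revoke(state, user, role):
    return fire(has(state, "role", user, role), state,
                removed=[("role", user, role)])


def rule_pay_weak(state, user, obj):
    # Under-constrained on purpose: only checks the current role.
    return fire(has(state, "role", user, "payer"), state,
                added=[("paid", user, obj)])


def rule_approve(state, user, obj):
    # Dynamic separation of duty: the approver must not be the payer.
    ok = has(state, "role", user, "approver") and not has(state, "paid", user, obj)
    return fire(ok, state, added=[("approved", user, obj)])


def rule_pay_fixed(state, user, obj):
    # Hardened rule: the history fact "approved" is checked symmetrically.
    ok = has(state, "role", user, "payer") and not has(state, "approved", user, obj)
    return fire(ok, state, added=[("paid", user, obj)])


WEAK_POLICY = {"assign": rule_assign, "revoke": rule_revoke,
               "pay": rule_pay_weak, "approve": rule_approve}
FIXED_POLICY = dict(WEAK_POLICY, pay=rule_pay_fixed)


def decide(policy, state, request):
    tag, *args = request
    return policy[tag](state, *args)


def all_requests():
    """Every authorization request expressible over the finite domains."""
    for u in USERS:
        for r in ROLES:
            yield ("assign", u, r)
            yield ("revoke", u, r)
        for o in OBJECTS:
            yield ("pay", u, o)
            yield ("approve", u, o)


def inv_no_self_approval(state):
    """Property to validate: no user both pays and approves the same object."""
    return forall(USERS, lambda u: forall(OBJECTS, lambda o:
        not (has(state, "paid", u, o) and has(state, "approved", u, o))))


def explore(policy, invariant, initial=INITIAL):
    """BFS over reachable states; return the shortest violating trace or None."""
    seen = {initial}
    queue = deque([(initial, ())])
    while queue:
        state, trace = queue.popleft()
        if not invariant(state):
            return trace
        for req in all_requests():
            granted, new = decide(policy, state, req)
            if granted and new not in seen:
                seen.add(new)
                queue.append((new, trace + (req,)))
    return None


def replay(policy, trace, initial=INITIAL):
    """Re-run a trace and return the final state (every step must be granted)."""
    state = initial
    for req in trace:
        granted, state = decide(policy, state, req)
        if not granted:
            raise ValueError(f"request {req} denied during replay")
    return state


if __name__ == "__main__":
    print("weak policy counterexample:", explore(WEAK_POLICY, inv_no_self_approval))
    print("fixed policy counterexample:", explore(FIXED_POLICY, inv_no_self_approval))
```

Under the weak policy the explorer finds a five-step trace (take the approver role, approve, get the role revoked, take the payer role, pay): the static check at assignment time does not survive role churn because the "approved" history fact is never consulted when paying. Adding that check to the payment rule makes the invariant hold in every reachable state, which is the kind of policy-level validation the framework is aimed at; note that exhaustive exploration is only feasible because the domains are finite.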

Cited by 8 publications (7 citation statements). References 23 publications.

“…The specification of policies by means of rewriting systems allows, not only to take advantage of the extensive theory of rewriting to establish security properties, as shown in [49,23,15] amongst other works, but also to make use of rewriting-based frameworks (such as CiME, MAUDE or TOM) to reason about policy properties. Our work addresses similar issues, but is based on a notion of category-based access control for distributed environments, which we interpret using labelled graphs, and which can be instantiated to include concepts like time, events, and histories that are not included as elements of RT or RBAC.…”
Section: Related Work (mentioning, confidence: 99%)
“…Bourdier et al. point out the existence of several competing techniques for expressiveness analysis, none of which consider the deployment. They approach one facet of this problem by proposing a formalism for access control systems that can more easily be transformed into implementations using rewrite-based tools [21]. Several others simply express a desire to use expressiveness analysis, but never do so, presumably due to the complexities of selecting and using the right notion of simulation [22], [23].…”
Section: Usage and Implications (mentioning, confidence: 99%)
“…In this framework, one can characterize the various entities involved in the definition of a security policy together with their roles, thus providing a semantic specification of security policies. Several developments on access control policies and flow policies have been done within this framework: an operational mechanism that detects illegal information flows according to the flow policy induced by an access control policy is defined in [20], and the rule-based approach is considered in [7] by using rewrite systems. In this paper, we focus on the property-based approach, which provides for a clear distinction between a policy and its enforcement mechanism.…”
Section: Security Policies and Secured Systems (mentioning, confidence: 99%)