Formal Verification and Visualization of Security Policies

Wahsheh, Luay A.; Leon, Daniel Conte de; Alves-Foss, Jim

doi:10.4304/jcp.3.6.22-31

Cited by 5 publications

(3 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The abstracts for these publications can be found in final section of this report. Publications related to design and analysis of MILS system are filed under the following keys: Alves-Foss02a [29], Alves-Foss04a [32], Alves-Foss04b [34], Alves-Foss06a [30], ConteDeLeon02b [81], ConteDeLeon06a [82], ConteDeLeon06b [83], ConteDeLeon07a [84], Dai03a [88], Hanebutte05a [124], Harrison05a [127], Joy06a [135], Oman04a [209], Robinson07a, [221], Robinson07b [222], Robinson07c [223], Rossebo06a [227], Son06a [246], Son07a [247], Son08a [245], Taylor04a [254], Wahsheh06a [261], Wahsheh07a [262], Wahsheh07b [263], Wahsheh08a [260], Wahsheh08b [264], Wahsheh08c [265], Wang06e [267], Wang06f [266], Yang05d [274], Zhou06c [287], and Zhou08a [285].…”

Section: Computation Sequential Exponentiationmentioning

confidence: 99%

Network Authentication Protocol Studies

Alves-Foss¹,

Oman²

2009

Self Cite

View full text Add to dashboard Cite

Using Government drawings, specifications, or other data included in this document for any purpose other than Government procurement does not in any way obligate the U.S. Government. The fact that the Government formulated or supplied the drawings, specifications, or other data does not license the holder or any other person or corporation; or convey any rights or permission to manufacture, use, or sell any patented invention that may relate to them. This report was cleared for public release by the 88 th ABW, Wright-Patterson AFB Public Affairs Office and is available to the general public, including foreign nationals. Copies may be obtained from the Defense Technical Information Center (DTIC) (http://www.dtic.mil).

show abstract

Section: Computation Sequential Exponentiationmentioning

confidence: 99%

Network Authentication Protocol Studies

Alves-Foss¹,

Oman²

2009

Self Cite

View full text Add to dashboard Cite

show abstract

“…Formal methods, using logic as a tool, have been already used for policy verification [ 4 – 6 ]. They all have in common essentially these issues: (i) only directive policies are considered, and many operations can be required [ 7 – 9 ]; (ii) only consistency of implemented policies is verified, without proper contrast to directive policies.…”

Section: Introductionmentioning

confidence: 99%

“… General security models [ 10 , 11 ]. Logic models for security policy checking [ 6 , 12 ]. Implemented policy detection with data mining, [ 13 ].…”

Section: Introductionmentioning

confidence: 99%

EMRlog Method for Computer Security for Electronic Medical Records with Logic and Data Mining

Monterrubio

Frausto–Solís

Monroy

2015

BioMed Research International

View full text Add to dashboard Cite

The proper functioning of a hospital computer system is an arduous work for managers and staff. However, inconsistent policies are frequent and can produce enormous problems, such as stolen information, frequent failures, and loss of the entire or part of the hospital data. This paper presents a new method named EMRlog for computer security systems in hospitals. EMRlog is focused on two kinds of security policies: directive and implemented policies. Security policies are applied to computer systems that handle huge amounts of information such as databases, applications, and medical records. Firstly, a syntactic verification step is applied by using predicate logic. Then data mining techniques are used to detect which security policies have really been implemented by the computer systems staff. Subsequently, consistency is verified in both kinds of policies; in addition these subsets are contrasted and validated. This is performed by an automatic theorem prover. Thus, many kinds of vulnerabilities can be removed for achieving a safer computer system.

show abstract

SPTrack: Visual Analysis of Information Flows within SELinux Policies and Attack Logs

Clemente

Kaba

Rouzaud-Cornabas

et al. 2012

Active Media Technology

View full text Add to dashboard Cite

International audienceAnalyzing and administrating system security policies is difficult as policies become larger and more complex every day. The paper present work toward analyzing security policies and sessions in terms of security properties. Our intuition was that combining both visualization tools that could benefit from the expert's eyes, and software analysis abilities, should lead to a new interesting way to study and manage security policies as well as users' sessions. Rather than trying to mine large and complex policies to find possible flaws within, work may concentrate on which potential flaws are really exploited by attackers. Actually, the paper presents some methods and tools to visualize and manipulate large SELinux policies, with algorithms allowing to search for paths, such as information flows within policies. The paper also introduces a complementary original approach to analyze and visualize real attack logs as session graphs or information flow graphs, or even aggregated multiple-sessions graphs. Our wishes is that in the future, when those tools will be mature enough, security administrator can then confront the statical security view given by the security policy analysis and the dynamical and real-world view given by the parts of attacks that most often occurred

show abstract

Formal Verification and Visualization of Security Policies

Cited by 5 publications

References 24 publications

Network Authentication Protocol Studies

Network Authentication Protocol Studies

EMRlog Method for Computer Security for Electronic Medical Records with Logic and Data Mining

SPTrack: Visual Analysis of Information Flows within SELinux Policies and Attack Logs

Contact Info

Product

Resources

About