Specifying and Verifying Organizational Security Properties in First-Order Logic

Abstract: In certain critical cases the data flow between business departments in banking organizations has to respect security policies known as Chinese Wall or Bell-La Padula. We show that these policies can be represented by formal requirements and constraints in first-order logic. By additionally providing a formal model for the flow of data between business departments we demonstrate how security policies can be applied to a concrete organizational setting and checked with a first-order theorem prover. Our approach… Show more

“…Organizational business and IT models as well as their corresponding constraints are assumed to be entered as human-centric models and aligned with machine-centric models that codify aspects of their corresponding formal semantics (R6, R7). In [37,36] we were able to show that such a formal semantics can be provided by the help of a formal tool (R8). This example was realized in the context of an earlier version of the EM-Cube.…”

“…Besides this, quality assurance of models also benefits from formal syntax analysis techniques (R26), which help to assure, for example, that certain syntactical modeling constraints are respected (Ehrig et al, 2006). The need to check semantic properties of enterprise models makes it looks promising to ground their specific semantics on the implemented semantics of already existing formal tools (Boehmer, Brandt, & Groote, 2009;Brandt, Otten, Kreitz, & Bibel, 2010;Brandt et al, 2011) (R27), because this…”

“…Besides this, quality assurance of models also benets from formal syntax analysis techniques (R26), which help to assure, for example, that certain syntactical modeling constraints are respected [53]. The need to check semantic properties of enterprise models makes it looks promising to ground their specic semantics on the implemented semantics of already existing formal tools [28,37,36] (R27), because this enables software reuse and automatic evaluation of semantic properties at the same time. In the related work, modeling languages like UML [154] as well as programming languages like Java [12,17] are used to build enterprise models and to generate executable code at the end (R28).…”

“…It implements the formal semantics of an advanced process algebra encompassing a modal logic which can be used to specify and check complex system behavior [78]. M M BR/M IR Rules: Possible candidates for a textual machine languages are rule languages that are build on rst-order logic [50,37] as an implemented formal semantics. Available implementations are, for example, Prolog systems [42] or specialized commercial products.…”

Conformance Analysis of Organizational Models

“…Organizational business and IT models as well as their corresponding constraints are assumed to be entered as human-centric models and aligned with machine-centric models that codify aspects of their corresponding formal semantics (R6, R7). In [37,36] we were able to show that such a formal semantics can be provided by the help of a formal tool (R8). This example was realized in the context of an earlier version of the EM-Cube.…”

“…Besides this, quality assurance of models also benefits from formal syntax analysis techniques (R26), which help to assure, for example, that certain syntactical modeling constraints are respected (Ehrig et al, 2006). The need to check semantic properties of enterprise models makes it looks promising to ground their specific semantics on the implemented semantics of already existing formal tools (Boehmer, Brandt, & Groote, 2009;Brandt, Otten, Kreitz, & Bibel, 2010;Brandt et al, 2011) (R27), because this…”

“…Besides this, quality assurance of models also benets from formal syntax analysis techniques (R26), which help to assure, for example, that certain syntactical modeling constraints are respected [53]. The need to check semantic properties of enterprise models makes it looks promising to ground their specic semantics on the implemented semantics of already existing formal tools [28,37,36] (R27), because this enables software reuse and automatic evaluation of semantic properties at the same time. In the related work, modeling languages like UML [154] as well as programming languages like Java [12,17] are used to build enterprise models and to generate executable code at the end (R28).…”

“…It implements the formal semantics of an advanced process algebra encompassing a modal logic which can be used to specify and check complex system behavior [78]. M M BR/M IR Rules: Possible candidates for a textual machine languages are rule languages that are build on rst-order logic [50,37] as an implemented formal semantics. Available implementations are, for example, Prolog systems [42] or specialized commercial products.…”

Conformance Analysis of Organizational Models

Advances in Connection-Based Automated Theorem Proving

Brewer-Nash Scrutinised: Mechanised Checking of Policies Featuring Write Revocation