ABSTRACT
A general framework for simulating security policies interactively is developed using ASMs (Gurevich's Abstract State Machines) and then mechanised with the ASM Workbench. The ASM external functions make it possible to simulate the behaviour of a policy under the influence of its environment. The interactive features of the Workbench allow the simulation of the policy norms that apply to a given case study, facilitating their understanding. Possible inconsistencies affecting the case study can be automatically detected during the simulation and widely documented. The framework is demonstrated on a published example security policy. The findings support the claim that adding priorities to roles achieves the crucial goal of consistency.