ConSpec – a formal language for policy specification 1
نویسندگان
چکیده
The paper presents ConSpec, an automata based policy specification language. The language trades off clean semantics to language expressiveness; a formal semantics for the language is provided as security automata. ConSpec specifications can be used at different stages of the application lifecycle, rendering possible the formalization of various policy enforcement techniques.
منابع مشابه
Web Service Choreography Verification Using Z Formal Specification
Web Service Choreography Description Language (WS-CDL) describes and orchestrates the services interactions among multiple participants. WS-CDL verification is essential since the interactions would lead to mismatches. Existing works verify the messages ordering, the flow of messages, and the expected results from collaborations. In this paper, we present a Z specification of WS-CDL. Besides ve...
متن کاملA model for specification, composition and verification of access control policies and its application to web services
Despite significant advances in the access control domain, requirements of new computational environments like web services still raise new challenges. Lack of appropriate method for specification of access control policies (ACPs), composition, verification and analysis of them have all made the access control in the composition of web services a complicated problem. In this paper, a new indepe...
متن کاملFormal Specification and Integration of Distributed Security Policies
We propose in this paper the Security Policy Language (SePL), which is a formal language for capturing and integrating distributed security policies. The syntax of SePL includes several operators for the integration of policies and it is endowed with a denotational semantics that is a generic semantics, i.e., which is independent of any evaluation environment. We prove the completeness of SePL ...
متن کاملA Proof Carrying Code Framework for Inlined Reference Monitors in Java Bytecode
We propose a lightweight approach for certification of Java bytecode monitor inlining using proof-carrying code. The main purpose of such a framework is to enable development use of monitoring for quality assurance, while minimizing the runtime overhead of monitoring, minimizing the need for changes to the loadand runtime tcb, and eliminating the need for post-shipping code rewrites with the re...
متن کاملDomain Based Internet Security Policy Management
Abstract. As security devices and protocols become widely used on the Internet, the task of managing and processing communication security policies grows steeply in its complexity. This paper presents a scaleable, robust, secure distributed system that can manage communication security policies associated with multiple network domains and resolving the policies — esp. those that specify the use...
متن کامل