Examining Security Certification and Access Control Conflicts Using Deontic Logic
نویسندگان
چکیده
Component-based software has become a mainstream practice as organizations attempt to streamline application development tasks. These applications invariably contain third-party Commercial-off-the-Shelf (COTS) systems with black box functionality. When integrated applications require security certification, COTS components, even if individually certified, may introduce vulnerabilities into the system if their security mechanisms are poorly combined. One cause of improper integration can be found in the access control mappings across COTS component domains. Missing, conflicting, and ambiguous mappings can lead to non-compliance with security certification criteria. In this paper, we discuss certification criteria applicable to COTS integration and their interpretations to access control across domains. Highlighting common conflicts using deontic logic, we indicate how resolution strategies to those conflicts can comply with certification criteria.
منابع مشابه
Logics for Security and Privacy
In this presentation I first review new developments of deontic logic in computer science, then I discuss the use of dynamic epistemic deontic logic to reason about privacy policies, and finally I discuss the use of modal logic for access control. This presentation is based on joint work with Guillaume Aucher, Guido Boella, Jan Broersen, Dov Gabbay and Valerio Genovese.
متن کاملSpecifying Intrusion Detection and Reaction Policies: An Application of Deontic Logic
The security policy of an information system may include a wide range of different requirements. The literature has primarily focused on access and information flow control requirements and more recently on authentication and usage control requirements. Specifying administration and delegation policies is also an important issue, especially in the context of pervasive distributed systems. In th...
متن کاملConflict detection in obligation with deadline policies
Many papers have already provided models to formally specify security policies. In this paper, security policies are modeled using deontic concepts of permission and obligation. Permission rules are used to specify access control policies, while obligation rules are useful to specify other security requirements corresponding to usage control policies as the availability of information in its al...
متن کاملAnalyzing Consistency of Security Policies
This paper discusses the development of a methodology for reasoning about properties of security policies. We view a security policy as a special case of regulation which specifies what actions some agents are permitted, obliged or forbidden to perform and we formalize a policy by a set of deontic formulae. We first address the problem of checking policy consistency and describe a method for so...
متن کامل