Heterogeneous Security Policy Validation: From Formal to Executable Specifications
نویسندگان
چکیده
— This paper develops a prototyping technique for information systems security policies. Starting from the algebraic specification of a security policy, we derive an executable specification that represents a prototype of the actual policy. Executing the specification allows determining sequences of actions that lead to security policy violations. We propose a composition framework to build compound algebraic specifications. We show that the mechanism we provide to translate algebraic specifications to executable specifications preserves the composition rules, which is of utmost importance from the engineering perspective. Through accurate examples, we show how executables specifications can be used in conjunction with formal specification in the frame of the security policy engineering process.
منابع مشابه
Formal Specification and Validation of Security Policies
We propose a formal framework for the specification and validation of security policies. To model a secured system, the evolution of security information in the system is described by transitions triggered by authorization requests and the policy is given by a set of rules describing the way the corresponding decisions are taken. Policy rules are constrained rewrite rules whose constraints are ...
متن کاملRule-based Specification and Analysis of Security Policies
We propose a formal framework for the specification and validation of security policies. A security policy responds to the authorisation requests of a system according to a certain number of rules and to the configuration of the system at the moment of the request. A system constrained by a security policy consists of two parts: on one hand, the set of rules describing the way the decisions are...
متن کاملFrom Formal Security Speciications to Executable Assertions - a Distributed Systems Preliminary Study
A security policy for a distributed system can be checked for compliance at run-time, as the system executes, using assertions embedded in software. This paper presents the concept of run-time security assurance, according to a given security policy for a given distributed system, along with mechanisms for its usage. A model problem illustrates the implementation of executable security assertio...
متن کاملValidation of Security Policies
Security Policies constitute the core of network protection infrastructures. However, their development is a sensitive task because it can be in opposition with the security requirements (e.g. lack of rule or conflicting rules). A specification task seems to be indispensible in order to clarify the desired exigencies. A validation process for security policies becomes then necessary before thei...
متن کاملExecutable Specifications in an Object Oriented Formal Notation
Early validation of requirements is crucial for the rigorous development of software. Without it, even the most formal of the methodologies will produce the wrong outcome. One successful approach, popularised by some of the so-called lightweight formal methods, consists in generating (finite, small) models of the specifications. Another possibility is to build a running prototype from those spe...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- JNW
دوره 3 شماره
صفحات -
تاریخ انتشار 2008