Toward a Formal Characterization of Policy Specification & Analysis
نویسندگان
چکیده
Policy-based management of the security of a military communications network can simplify the configuration process, while increasing security and availability. An effective policy-based approach requires analysis of policies for inconsistencies, and for desired security properties. It also must provide for the refinement of high-level security goals into concrete policies. This paper defines a language based on first-order logic formulae containing explicit time arguments which is expressive enough for specifying a range of authorization and obligation security policies, while supporting the formalisms and automated tools needed for analysis and refinement. Both system behavior and the semantics of the policies themselves are defined in terms of execution traces, to enable reasoning about algorithmic solutions to policy analysis. The paper also proposes some analysis tools based on the use of logical abduction.
منابع مشابه
A model for specification, composition and verification of access control policies and its application to web services
Despite significant advances in the access control domain, requirements of new computational environments like web services still raise new challenges. Lack of appropriate method for specification of access control policies (ACPs), composition, verification and analysis of them have all made the access control in the composition of web services a complicated problem. In this paper, a new indepe...
متن کاملWeb Service Choreography Verification Using Z Formal Specification
Web Service Choreography Description Language (WS-CDL) describes and orchestrates the services interactions among multiple participants. WS-CDL verification is essential since the interactions would lead to mismatches. Existing works verify the messages ordering, the flow of messages, and the expected results from collaborations. In this paper, we present a Z specification of WS-CDL. Besides ve...
متن کاملConSpec – a formal language for policy specification 1
The paper presents ConSpec, an automata based policy specification language. The language trades off clean semantics to language expressiveness; a formal semantics for the language is provided as security automata. ConSpec specifications can be used at different stages of the application lifecycle, rendering possible the formalization of various policy enforcement techniques.
متن کاملA formal role-based access control model for security policies in multi-domain mobile networks
Mobile users present challenges for security in multi-domain mobile networks. The actions of mobile users moving across security domains need to be specified and checked against domain and inter-domain policies. We propose a new formal security policy model for multi-domain mobile networks, called FPM-RBAC, Formal Policy Model for Mobility with Role Based Access Control. FPM-RBAC supports the s...
متن کاملHeterogeneous Security Policy Validation: From Formal to Executable Specifications
— This paper develops a prototyping technique for information systems security policies. Starting from the algebraic specification of a security policy, we derive an executable specification that represents a prototype of the actual policy. Executing the specification allows determining sequences of actions that lead to security policy violations. We propose a composition framework to build com...
متن کامل