Modular Security Policy Design based on Extended Petri Nets

Hejiao Huang 1, * Helene Kirchner 1
* Auteur correspondant
1 PAREO - Formal islands: foundations and applications
INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract : Security policies are one of the most fundamental elements of computer security. Their design has to cope with composition of components in security systems and interactions between them. Consequently, a modular approach for specification and verification of security policies is necessary and the composition of modules must consistently ensure fundamental properties of security policies, in a rigorous and systematic way. This paper shows how to use extended Petri net process (EPNP) to specify and verify security policies in a modular way. It defines a few fundamental policy properties, namely completeness, termination, consistency and confluence, in Petri net terminology and relates them to classical notions. According to XACML combiners and to property preserving Petri net process algebra (PPPA), several policy composition operators are specified and property preserving results are stated for the policy correctness verification. The approach is illustrated on the design of a complex policy.
Type de document :
Pré-publication, Document de travail
2009
Liste complète des métadonnées

https://hal.inria.fr/inria-00396924
Contributeur : Helene Kirchner <>
Soumis le : vendredi 19 juin 2009 - 10:26:35
Dernière modification le : jeudi 11 janvier 2018 - 06:22:10
Document(s) archivé(s) le : mardi 15 juin 2010 - 17:48:54

Fichier

HAL.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

  • HAL Id : inria-00396924, version 1

Collections

Citation

Hejiao Huang, Helene Kirchner. Modular Security Policy Design based on Extended Petri Nets. 2009. 〈inria-00396924〉

Partager

Métriques

Consultations de la notice

286

Téléchargements de fichiers

155