
Modular Security Policy Design based on Extended Petri Nets

Hejiao Huang (1, *), Helene Kirchner (1)
* Corresponding author
1 PAREO - Formal islands: foundations and applications
INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract: Security policies are one of the most fundamental elements of computer security. Their design has to cope with composition of components in security systems and interactions between them. Consequently, a modular approach for specification and verification of security policies is necessary and the composition of modules must consistently ensure fundamental properties of security policies, in a rigorous and systematic way. This paper shows how to use extended Petri net process (EPNP) to specify and verify security policies in a modular way. It defines a few fundamental policy properties, namely completeness, termination, consistency and confluence, in Petri net terminology and relates them to classical notions. According to XACML combiners and to property preserving Petri net process algebra (PPPA), several policy composition operators are specified and property preserving results are stated for the policy correctness verification. The approach is illustrated on the design of a complex policy.
Document type: Preprints, Working Papers, ...

https://hal.inria.fr/inria-00396924
Contributor: Helene Kirchner
Submitted on: Friday, June 19, 2009 - 10:26:35 AM
Last modification on: Friday, February 26, 2021 - 3:28:08 PM
Long-term archiving on: Tuesday, June 15, 2010 - 5:48:54 PM

File

HAL.pdf
Files produced by the author(s)

Identifiers

  • HAL Id: inria-00396924, version 1

Citation

Hejiao Huang, Helene Kirchner. Modular Security Policy Design based on Extended Petri Nets. 2009. ⟨inria-00396924⟩

Metrics

Record views: 343
Files downloads: 200