
Modular Security Policy Design based on Extended Petri Nets

Hejiao Huang 1,*, Helene Kirchner 1
* Corresponding author
1 PAREO - Formal islands: foundations and applications
INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract: Security policies are one of the most fundamental elements of computer security. Their design has to cope with the composition of components in security systems and the interactions between them. Consequently, a modular approach to the specification and verification of security policies is necessary, and the composition of modules must consistently ensure fundamental properties of security policies in a rigorous and systematic way. This paper shows how to use the extended Petri net process (EPNP) to specify and verify security policies in a modular way. It defines a few fundamental policy properties, namely completeness, termination, consistency and confluence, in Petri net terminology and relates them to classical notions. According to XACML combiners and to the property-preserving Petri net process algebra (PPPA), several policy composition operators are specified, and property-preserving results are stated for policy correctness verification. The approach is illustrated on the design of a complex policy.
Document type :
Preprints, Working Papers, ...
Contributor : Helene Kirchner
Submitted on : Friday, June 19, 2009 - 10:26:35 AM
Last modification on : Wednesday, February 2, 2022 - 3:51:26 PM
Long-term archiving on : Tuesday, June 15, 2010 - 5:48:54 PM


Files produced by the author(s)


  • HAL Id : inria-00396924, version 1



Hejiao Huang, Helene Kirchner. Modular Security Policy Design based on Extended Petri Nets. 2009. ⟨inria-00396924⟩


