On Formal Specification and Analysis of Security Policies

Tony Bourdier 1 Horatiu Cirstea 1 Mathieu Jaume 2 Hélène Kirchner 1, 3
1 PAREO - Formal islands: foundations and applications
INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
2 SPI - Sémantiques, preuves et implantation
LIP6 - Laboratoire d'Informatique de Paris 6
Abstract : Security policies are ubiquitous in information systems and more generally in the management of sensitive information. Access control policies are probably the most largely used policies but their application goes well beyond this application domain. The enforcement of security policies is useless if some of their key properties like the consistency, for example, cannot be stated and checked. We propose here a framework where the security policies and the systems they are applied on, are specified separately but using a common formalism. This separation allows us not only some analysis of the policy independently of the target system but also the application of a given policy on different systems. Besides the abstract formalism we also explore how rewrite and reduction systems can be used and combined in a rather systematic way to provide executable specifications for this framework. We also propose a notion of system and policy transformation that gives the possibility to study some properties which cannot be expressed only within the initial presentation. We have shown, in particular, how confidentiality, integrity and confinment can be expressed for the BLP policy that does not deal explicitly with information flows but only with objects containing tractable information.
Document type :
Conference papers
Liste complète des métadonnées

Cited literature [14 references]  Display  Hide  Download

https://hal.inria.fr/inria-00429240
Contributor : Tony Bourdier <>
Submitted on : Friday, July 30, 2010 - 10:39:22 AM
Last modification on : Thursday, March 21, 2019 - 1:20:15 PM
Document(s) archivé(s) le : Thursday, December 1, 2016 - 12:07:04 PM

File

article.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : inria-00429240, version 3

Citation

Tony Bourdier, Horatiu Cirstea, Mathieu Jaume, Hélène Kirchner. On Formal Specification and Analysis of Security Policies. 2010 Grande Region Security and Reliability Day, Mar 2010, Saarbrücken, Germany. ⟨inria-00429240v3⟩

Share

Metrics

Record views

280

Files downloads

244