On Formal Specification and Analysis of Security Policies

Tony Bourdier 1 Horatiu Cirstea 1 Mathieu Jaume 2 Hélène Kirchner 1, 3
1 PAREO - Formal islands: foundations and applications
INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
2 SPI - Sémantiques, preuves et implantation
LIP6 - Laboratoire d'Informatique de Paris 6
Abstract : Security policies are ubiquitous in information systems and more generally in the management of sensitive information. Access control policies are probably the most largely used policies but their application goes well beyond this application domain. The enforcement of security policies is useless if some of their key properties like the consistency, for example, cannot be stated and checked. We propose here a framework where the security policies and the systems they are applied on, are specified separately but using a common formalism. This separation allows us not only some analysis of the policy independently of the target system but also the application of a given policy on different systems. Besides the abstract formalism we also explore how rewrite and reduction systems can be used and combined in a rather systematic way to provide executable specifications for this framework. We also propose a notion of system and policy transformation that gives the possibility to study some properties which cannot be expressed only within the initial presentation. We have shown, in particular, how confidentiality, integrity and confinment can be expressed for the BLP policy that does not deal explicitly with information flows but only with objects containing tractable information.
Type de document :
Communication dans un congrès
2010 Grande Region Security and Reliability Day, Mar 2010, Saarbrücken, Germany. 2010
Liste complète des métadonnées

Littérature citée [14 références]  Voir  Masquer  Télécharger

Contributeur : Tony Bourdier <>
Soumis le : vendredi 30 juillet 2010 - 10:39:22
Dernière modification le : mardi 11 décembre 2018 - 01:24:31
Document(s) archivé(s) le : jeudi 1 décembre 2016 - 12:07:04


Fichiers produits par l'(les) auteur(s)


  • HAL Id : inria-00429240, version 3


Tony Bourdier, Horatiu Cirstea, Mathieu Jaume, Hélène Kirchner. On Formal Specification and Analysis of Security Policies. 2010 Grande Region Security and Reliability Day, Mar 2010, Saarbrücken, Germany. 2010. 〈inria-00429240v3〉



Consultations de la notice


Téléchargements de fichiers