Skip to Main content Skip to Navigation
Reports

Semi-Automatic Synthesis of Security Policies by Invariant-Guided Abduction - Full version

Abstract : We present a specification approach of secured systems as transition systems and security policies as constraints that guard the transitions. In this context, security properties are expressed as invariants. Then we propose an abduction algorithm to generate possible security policies for a given transition-based system. Because abduction is guided by invariants, the generated security policies enforce security properties specified by these invariants. In this framework we are able to tune abduction in two ways in order to: (i) filter out bad security policies and (ii) generate additional possible security policies. Invariant-guided abduction helps designing policies and thus allows using formal methods much earlier in the process of building secured systems. This approach is illustrated on role-based access control systems.
Document type :
Reports
Complete list of metadata

Cited literature [22 references]  Display  Hide  Download

https://hal.inria.fr/inria-00507754
Contributor : Helene Kirchner Connect in order to contact the contributor
Submitted on : Friday, July 30, 2010 - 7:21:22 PM
Last modification on : Friday, February 4, 2022 - 3:12:16 AM
Long-term archiving on: : Thursday, November 4, 2010 - 10:54:10 AM

File

FAST-fullversion.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : inria-00507754, version 1

Collections

Citation

Clément Hurlin, Helene Kirchner. Semi-Automatic Synthesis of Security Policies by Invariant-Guided Abduction - Full version. [Research Report] 2010, pp.19. ⟨inria-00507754⟩

Share

Metrics

Record views

41

Files downloads

55