Skip to Main content Skip to Navigation

Semi-Automatic Synthesis of Security Policies by Invariant-Guided Abduction - Full version

Abstract : We present a specification approach of secured systems as transition systems and security policies as constraints that guard the transitions. In this context, security properties are expressed as invariants. Then we propose an abduction algorithm to generate possible security policies for a given transition-based system. Because abduction is guided by invariants, the generated security policies enforce security properties specified by these invariants. In this framework we are able to tune abduction in two ways in order to: (i) filter out bad security policies and (ii) generate additional possible security policies. Invariant-guided abduction helps designing policies and thus allows using formal methods much earlier in the process of building secured systems. This approach is illustrated on role-based access control systems.
Document type :
Complete list of metadata

Cited literature [22 references]  Display  Hide  Download
Contributor : Helene Kirchner Connect in order to contact the contributor
Submitted on : Friday, July 30, 2010 - 7:21:22 PM
Last modification on : Friday, February 4, 2022 - 3:12:16 AM
Long-term archiving on: : Thursday, November 4, 2010 - 10:54:10 AM


Files produced by the author(s)


  • HAL Id : inria-00507754, version 1



Clément Hurlin, Helene Kirchner. Semi-Automatic Synthesis of Security Policies by Invariant-Guided Abduction - Full version. [Research Report] 2010, pp.19. ⟨inria-00507754⟩



Record views


Files downloads