Arguing satisfaction of security requirements
This chapter presents a process for security requirements elicitation and analysis,
based around the construction of a satisfaction argument for the security of a
system. The process starts with the enumeration of security goals based on assets
in the system, then uses these goals to derive security requirements in the form of
constraints. Next, a satisfaction argument for the system is constructed, using a
problem-centered representation, a formal proof to analyze properties that can be
demonstrated, and structured informal argumentation of the assumptions exposed
during construction of the argument. Constructing the satisfaction argument can
expose missing and inconsistent assumptions about system context and behavior
that effect security, and a completed argument provides assurances that a system
can respect its security requirements
Using Event Calculus to Formalise Policy Specification and Analysis
As the interest in using policy-based approaches for systems management grows, it is becoming increasingly important to develop methods for performing analysis and refinement of policy specifications. Although this is an area that researchers have devoted some attention to, none of the proposed solutions address the issues of analysing specifications that combine authorisation and management policies; analysing policy specifications that contain constraints on the applicability of the policies; and performing a priori analysis of the specification that will both detect the presence of inconsistencies and explain the situations in which the conflict will occur. We present a method for transforming both policy and system behaviour specifications into a formal notation that is based on event calculus. Additionally, we describe how this formalism can be used in conjunction with abductive reasoning techniques to perform a priori analysis of policy specifications for the various conflict types identified in the literature. Finally, we present some initial thoughts on how this notation and analysis technique could be used to perform policy refinement.
Security Policy Specification Using a Graphical Approach
A security policy states the acceptable actions of an information system, as
the actions bear on security. There is a pressing need for organizations to
declare their security policies; even informal statements would be better than
the current practice. But formal policy statements are preferable to support
(1) reasoning about policies, e.g., for consistency and completeness, (2)
automated enforcement of the policy, e.g., using wrappers around legacy systems
or after the fact with an intrusion detection system, and (3) other formal
manipulation of policies, e.g., the composition of policies. We present LaSCO,
the Language for Security Constraints on Objects, in which a policy consists of
two parts: the domain (assumptions about the system) and the requirement (what
is allowed assuming the domain is satisfied). Thus policies defined in LaSCO
have the appearance of conditional access control statements. LaSCO policies
are specified as expressions in logic and as directed graphs, giving a visual
view of policy. LaSCO has a simple semantics in first order logic (which we
provide), thus permitting policies we write, even for complex policies, to be
very perspicuous. LaSCO has syntax to express many of the situations we have
found to be useful in policies or, more interestingly, in the composition of
policies. LaSCO has an object-oriented structure, permitting it to be useful to
describe policies on the objects and methods of an application written in an
object-oriented language, in addition to the traditional policies on operating
system objects. A LaSCO specification can be automatically translated into
executable code that checks an invocation of a program with respect to a
policy. The implementation of LaSCO is in Java, and generates wrappers to check
Java programs with respect to a policy.
Comment: 28 pages, 22 figures, in color (but color is not essential for
viewing); UC Davis CS department technical report (July 22, 1998
- …