305,665 research outputs found
Security Policy Consistency
With the advent of wide security platforms able to express simultaneously all
the policies comprising an organization's global security policy, the problem
of inconsistencies within security policies become harder and more relevant.
We have defined a tool based on the CHR language which is able to detect
several types of inconsistencies within and between security policies and other
specifications, namely workflow specifications.
Although the problem of security conflicts has been addressed by several
authors, to our knowledge none has addressed the general problem of security
inconsistencies, on its several definitions and target specifications.Comment: To appear in the first CL2000 workshop on Rule-Based Constraint
Reasoning and Programmin
Towards alignment of architectural domains in security policy specifications
Large organizations need to align the security architecture across three different domains: access control, network layout and physical infrastructure. Security policy specification formalisms are usually dedicated to only one or two of these domains. Consequently, more than one policy has to be maintained, leading to alignment problems. Approaches from the area of model-driven security enable creating graphical models that span all three domains, but these models do not scale well in real-world scenarios with hundreds of applications and thousands of user roles. In this paper, we demonstrate the feasibility of aligning all three domains in a single enforceable security policy expressed in a Prolog-based formalism by using the Law Governed Interaction (LGI) framework. Our approach alleviates the limitations of policy formalisms that are domain-specific while helping to reach scalability by automatic enforcement provided by LGI
A Spatial-Epistemic Logic for Reasoning about Security Protocols
Reasoning about security properties involves reasoning about where the
information of a system is located, and how it evolves over time. While most
security analysis techniques need to cope with some notions of information
locality and knowledge propagation, usually they do not provide a general
language for expressing arbitrary properties involving local knowledge and
knowledge transfer. Building on this observation, we introduce a framework for
security protocol analysis based on dynamic spatial logic specifications. Our
computational model is a variant of existing pi-calculi, while specifications
are expressed in a dynamic spatial logic extended with an epistemic operator.
We present the syntax and semantics of the model and logic, and discuss the
expressiveness of the approach, showing it complete for passive attackers. We
also prove that generic Dolev-Yao attackers may be mechanically determined for
any deterministic finite protocol, and discuss how this result may be used to
reason about security properties of open systems. We also present a
model-checking algorithm for our logic, which has been implemented as an
extension to the SLMC system.Comment: In Proceedings SecCo 2010, arXiv:1102.516
Provably correct Java implementations of Spi Calculus security protocols specifications
Spi Calculus is an untyped high level modeling language for security protocols, used for formal protocols specification and verification. In this paper, a type system for the Spi Calculus and a translation function are formally defined, in order to formalize the refinement of a Spi Calculus specification into a Java implementation. The Java implementation generated by the translation function uses a custom Java library. Formal conditions on such library are stated, so that, if the library implementation code satisfies such conditions, then the generated Java implementation correctly simulates the Spi Calculus specification. A verified implementation of part of the custom library is further presente
The Johnson Space Center Management Information Systems (JSCMIS). 1: Requirements Definition and Design Specifications for Versions 2.1 and 2.1.1. 2: Documented Test Scenario Environments. 3: Security Design and Specifications
The Johnson Space Center Management Information System (JSCMIS) is an interface to computer data bases at NASA Johnson which allows an authorized user to browse and retrieve information from a variety of sources with minimum effort. This issue gives requirements definition and design specifications for versions 2.1 and 2.1.1, along with documented test scenario environments, and security object design and specifications
The Effects of Social Security on Private Savings: A Reappraisal of the Time Series Evidence
Section I reviews some of the important contributions using time series evidence to estimate Social Securityās impact on private savings. Essential to these studies is the use of a āSocial Security Wealthā (SSW) variable, created by Martin Feldstein (1974), which defines the present value of future discounted Social Security benefits for the entire population under the assumption that each working person retires at the normal retirement age. Section II updates this Social Security Wealth series using both an approximation of Martin Feldsteinās original algorithm and two additional methods suggested by Dean Leimer and Selig Lesnoy (1982). The methodology and assumptions are updated to better account for the richer types of data available today. Section III provides details on the regression specifications and data to be used. Section IV follows with the empirical results of these regression specifications and the point estimates of Social Securityās effect on personal savings. Finally, in Section V provides an analysis of the effectiveness of these estimation techniques. This study finds some support that Social Security Wealth creates an adverse effect for private savings, as private savings is reduced by about half when using the most realistic assumptions for estimating Social Security Wealth, but the results are not robust across different types of specifications.Social Security; Private Savings; Social Security Wealth
Model the System from Adversary Viewpoint: Threats Identification and Modeling
Security attacks are hard to understand, often expressed with unfriendly and
limited details, making it difficult for security experts and for security
analysts to create intelligible security specifications. For instance, to
explain Why (attack objective), What (i.e., system assets, goals, etc.), and
How (attack method), adversary achieved his attack goals. We introduce in this
paper a security attack meta-model for our SysML-Sec framework, developed to
improve the threat identification and modeling through the explicit
representation of security concerns with knowledge representation techniques.
Our proposed meta-model enables the specification of these concerns through
ontological concepts which define the semantics of the security artifacts and
introduced using SysML-Sec diagrams. This meta-model also enables representing
the relationships that tie several such concepts together. This representation
is then used for reasoning about the knowledge introduced by system designers
as well as security experts through the graphical environment of the SysML-Sec
framework.Comment: In Proceedings AIDP 2014, arXiv:1410.322
Managing security control assumptions using causal traceability
Security control specifications of software systems are designed to meet their security requirements. It is difficult to know both the value of assets and the malicious intention of attackers at design time, hence assumptions about the operational environment often reveal unexpected flaws. To diagnose the causes of violations in security requirements it is necessary to check these design-time assumptions. Otherwise, the system could be vulnerable to potential attacks. Addressing such vulnerabilities requires an explicit understanding of how the security control specifications were defined from the original security requirements. However, assumptions are rarely explicitly documented and monitored during system operation. This paper proposes a systematic approach to monitoring design-time assumptions explicitly as logs, by using traceability links from requirements to specifications. The work also helps identify which alternative specifications of security control can be used to satisfy a security requirement that has been violated based on the logs.
The work is illustrated by an example of an electronic patient record system
- ā¦