Security policy analysis using deductive spreadsheets

Authors:
Anu Singh;C. R. Ramakrishnan;I. V. Ramakrishnan;Scott D. Stoller;David S. Warren
Affiliations:
Stony Brook University, Stony Brook, NY;Stony Brook University, Stony Brook, NY;Stony Brook University, Stony Brook, NY;Stony Brook University, Stony Brook, NY;Stony Brook University, Stony Brook, NY
Venue:
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Year:
2007

Citing 13
Cited 1

Programming with sets; an introduction to SETL

Programming with sets; an introduction to SETL
Computing with logic: logic programming with Prolog

Computing with logic: logic programming with Prolog
Role-Based Access Control Models

Computer
Policy management using access control spaces

ACM Transactions on Information and System Security (TISSEC)
A user-centred approach to functions in Excel

ICFP '03 Proceedings of the eighth ACM SIGPLAN international conference on Functional programming
Cassandra: Flexible Trust Management, Applied to Electronic Health Records

CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
PrediCalc: a logical spreadsheet management system

VLDB '05 Proceedings of the 31st international conference on Very large data bases
NETRA:: seeing through access control

Proceedings of the fourth ACM workshop on Formal methods in security
Analyzing integrity protection in the SELinux example policy

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
MulVAL: a logic-based network security analyzer

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Using datalog with binary decision diagrams for program analysis

APLAS'05 Proceedings of the Third Asian conference on Programming Languages and Systems
Incremental evaluation of tabled prolog: beyond pure logic programs

PADL'06 Proceedings of the 8th international conference on Practical Aspects of Declarative Languages
Deductive spreadsheets using tabled logic programming

ICLP'06 Proceedings of the 22nd international conference on Logic Programming

Extending logical attack graphs for efficient vulnerability analysis

Proceedings of the 15th ACM conference on Computer and communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

As security policies get larger and more complex, analysis tools that help users understand and validate security policies are becoming more important.This paper explores the use of deductive spreadsheets for security policy analysis.Deductive spreadsheets combine the power ofdeductive rules (for specifying policies and analyses) with the usability of spreadsheets.This approach is introduced with a simple example of analyzing information flow allowed by RBAC policies and then applied in two case studies: analysis of computer system configurations and analysisof Security-Enhanced Linux access control policies.