Symbolic model checking: 1020 states and beyond
Information and Computation - Special issue: Selections from 1990 IEEE symposium on logic in computer science
Using a classification of management policies for policy specification and policy transformation
Proceedings of the fourth international symposium on Integrated network management IV
Control principles and role hierarchies
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
The role graph model and conflict of interest
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Alloy: a lightweight object modelling notation
ACM Transactions on Software Engineering and Methodology (TOSEM)
Access Control: Policies, Models, and Mechanisms
FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
Authentication and Confidentiality via IPSEC
ESORICS '00 Proceedings of the 6th European Symposium on Research in Computer Security
An Introduction to the Theoretical Aspects of Coloured Petri Nets
A Decade of Concurrency, Reflections and Perspectives, REX School/Symposium
PVS: A Prototype Verification System
CADE-11 Proceedings of the 11th International Conference on Automated Deduction: Automated Deduction
A propositional policy algebra for access control
ACM Transactions on Information and System Security (TISSEC)
Policy-Based Management: Bridging the Gap
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Inter-Domains policy negociation
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Analyzing consistency of security policies
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Filtering postures: local enforcement for global policies
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Specification and verification of security policies
Specification and verification of security policies
Verifying Enterprise 's Mandatory Access Control Policies with Coloured Petri Nets
WETICE '03 Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
The enhanced HDM system for specification and verification
ACM SIGSOFT Software Engineering Notes - Proceedings of VERkshop III -- a formal verification workshop
Policy hierarchies for distributed systems management
IEEE Journal on Selected Areas in Communications
Implementation of a Formal Security Policy Refinement Process in WBEM Architecture
Journal of Network and Systems Management
A mobile IP based WLAN security management framework with reconfigurable hardware acceleration
Proceedings of the 3rd international conference on Security of information and networks
A security management information model derivation framework: from goals to configurations
FAST'05 Proceedings of the Third international conference on Formal Aspects in Security and Trust
Specification and analysis of access control policies for mobile applications
Proceedings of the 18th ACM symposium on Access control models and technologies
| Hi-index | 0.00 |
Security policy models allow reasoning about security goals achievements. When security mechanisms are implemented, it is difficult to formally validate the security properties against the security goals especially in a network environment. To assess the implemented security properties, one should consider details regarding the network topology, the forwarding as well as filtering and transform engines. In this paper, we present a Colored Petri Net based tool which allows to describe graphically a given network topology, the network security mechanisms and the security goals required. The tool computes the different functionalities to set up the security properties and formally validates the solution using the dead state of the generated reachability graph analysis. Different security properties such as confidentiality and availability can be studied.