Security rules versus security properties

Authors:
Mathieu Jaume
Affiliations:
SPI, LIP6, University Pierre & Marie Curie, Paris Cedex 05, France
Venue:
ICISS'10 Proceedings of the 6th international conference on Information systems security
Year:
2010

Citing 15
Cited 3

A unified framework for enforcing multiple access control policies

SIGMOD '97 Proceedings of the 1997 ACM SIGMOD international conference on Management of data
A modular approach to composing access control policies

Proceedings of the 7th ACM conference on Computer and communications security
Protection in operating systems

Communications of the ACM
A logical framework for reasoning about access control models

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
An algebra for composing access control policies

ACM Transactions on Information and System Security (TISSEC)
Security Engineering of Lattice-Based Policies

CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
A State-Transition Model of Trust Management and Access Control

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Comparing the expressive power of access control models

Proceedings of the 11th ACM conference on Computer and communications security
Using First-Order Logic to Reason about Policies

ACM Transactions on Information and System Security (TISSEC)
Access-Control Policies via Belnap Logic: Effective and Efficient Composition and Analysis

CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Run-Time Enforcement of Nonsafety Policies

ACM Transactions on Information and System Security (TISSEC)
On a formal framework for security properties

Computer Standards & Interfaces
Specifying and reasoning about dynamic access-control policies

IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning
Abstractions preserving parameter confidentiality

ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Modular access control via strategic rewriting

ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security

Flow based interpretation of access control: detection of illegal information flows

ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Formal specification and validation of security policies

FPS'11 Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of Security
Development of secured systems by mixing programs, specifications and proofs in an object-oriented programming environment: a case study within the FoCaLiZe environment

Proceedings of the 7th Workshop on Programming Languages and Analysis for Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

There exist many approaches to specify and to define security policies. We present here a framework in which the basic components of security policies can be expressed, and we identify their role in the description of a policy, of a system and of a secure system. In this setting, we formally describe two approaches to define policies, and we relate them: the rule-based approach consists of specifying the conditions under which an action is granted and, the property-based approach consists of specifying the security properties the policy aims to enforce. We also show how a policy can be applied to constrain an existing system, and how a secure system can be defined from a security policy.