Security policy foundations in context UNITY

Authors:
M. Todd Gamble;Rose F. Gamble;Matthew L. Hale
Affiliations:
University of Tulsa, Tulsa, OK, USA;University of Tulsa, Tulsa, OK, USA;University of Tulsa, Tulsa, OK, USA
Venue:
Proceedings of the 7th International Workshop on Software Engineering for Secure Systems
Year:
2011

Citing 9
Cited 1

Generative communication in Linda

ACM Transactions on Programming Languages and Systems (TOPLAS)
Parallel program design: a foundation

Parallel program design: a foundation
A Notation and Logic for Mobile Computing

Formal Methods in System Design
Secure shared data-space coordination languages: a process algebraic surveys

Science of Computer Programming - Special issue on security issues in coordination models, languages, and systems
Modeling adaptive behaviors in Context UNITY

Theoretical Computer Science
Model-Based Security Engineering of Distributed Information Systems Using UMLsec

ICSE '07 Proceedings of the 29th international conference on Software Engineering
Model-based security analysis for mobile communications

Proceedings of the 30th international conference on Software engineering
Extracting security control requirements

Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
NIST Special Publication 800-53 Revision 3 Recommended Security Controls for Federal Information Systems and Organizations

NIST Special Publication 800-53 Revision 3 Recommended Security Controls for Federal Information Systems and Organizations

Seventh international workshop on software engineering for secure systems (SESS 2011)

Proceedings of the 33rd International Conference on Software Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

Security certification includes assessing an information system to verify its compliance with diverse, pre-selected security controls. The goal of certification is to identify where controls are implemented correctly and where they are violated, creating potential vulnerability risks. Certification complexity is magnified in software composed of systems of systems where there are limited formal methodologies to express management policies, given a set of security control properties, and verify them against the interaction of the participating components and their individual security policy implementations. In this paper, we extend Context UNITY, a formal, distributed, and context aware coordination language to support policy controls. The new language features enforce security controls and provide a means to declare policy specifics in a manner similar to declaring variable types. We use these features in a specification to show how verifying system compliance with selected security controls, such as those found in the NIST SP800-53 document, can be accomplished.