Generative communication in Linda. ACM Transactions on Programming Languages and Systems (TOPLAS)
Parallel program design: a foundation
A Notation and Logic for Mobile Computing. Formal Methods in System Design
Secure shared data-space coordination languages: a process algebraic survey. Science of Computer Programming - Special issue on security issues in coordination models, languages, and systems
Modeling adaptive behaviors in Context UNITY. Theoretical Computer Science
Model-Based Security Engineering of Distributed Information Systems Using UMLsec. ICSE '07 Proceedings of the 29th international conference on Software Engineering
Model-based security analysis for mobile communications. Proceedings of the 30th international conference on Software engineering
Extracting security control requirements. Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
NIST Special Publication 800-53 Revision 3 Recommended Security Controls for Federal Information Systems and Organizations
Seventh international workshop on software engineering for secure systems (SESS 2011). Proceedings of the 33rd International Conference on Software Engineering
Security certification includes assessing an information system to verify its compliance with diverse, pre-selected security controls. The goal of certification is to identify where controls are implemented correctly and where they are violated, creating potential vulnerability risks. Certification complexity is magnified in software composed of systems of systems, where there are limited formal methodologies to express management policies, given a set of security control properties, and to verify them against the interaction of the participating components and their individual security policy implementations. In this paper, we extend Context UNITY, a formal, distributed, and context-aware coordination language, to support policy controls. The new language features enforce security controls and provide a means to declare policy specifics in a manner similar to declaring variable types. We use these features in a specification to show how verifying system compliance with selected security controls, such as those found in the NIST SP800-53 document, can be accomplished.