Analysis and run-time verification of dynamic security policies

Authors:
Helge Janicke;François Siewe;Kevin Jones;Antonio Cau;Hussein Zedan
Affiliations:
Software Technology Research Laboratory, Gateway House, De Montfort University, Leicester;Software Technology Research Laboratory, Gateway House, De Montfort University, Leicester;Software Technology Research Laboratory, Gateway House, De Montfort University, Leicester;Software Technology Research Laboratory, Gateway House, De Montfort University, Leicester;Software Technology Research Laboratory, Gateway House, De Montfort University, Leicester
Venue:
DAMAS'05 Proceedings of the 2005 international conference on Defence Applications of Multi-Agent Systems
Year:
2005

Citing 11
Cited 2

Executing temporal logic programs

Executing temporal logic programs
A calculus for access control in distributed systems

ACM Transactions on Programming Languages and Systems (TOPLAS)
Flexible support for multiple access control policies

ACM Transactions on Database Systems (TODS)
TRBAC: A temporal role-based access control model

ACM Transactions on Information and System Security (TISSEC)
A Survey of Concurrent METATEM - the Language and its Applications

ICTL '94 Proceedings of the First International Conference on Temporal Logic
Designing a Provably Correct Robot Control System Using a `Lean' Formal Method

FTRTFT '98 Proceedings of the 5th International Symposium on Formal Techniques in Real-Time and Fault-Tolerant Systems
Some Very Compositional Temporal Properties

PROCOMET '94 Proceedings of the IFIP TC2/WG2.1/WG2.2/WG2.3 Working Conference on Programming Concepts, Methods and Calculi
Secure Middleware for Situation-Aware Naval C2 and Combat Systems

FTDCS '03 Proceedings of the The Ninth IEEE Workshop on Future Trends of Distributed Computing Systems
Authorization in Distributed Systems: A Formal Approach

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Flexible access control policy specification with constraint logic programming

ACM Transactions on Information and System Security (TISSEC)
A compositional framework for access control policies enforcement

Proceedings of the 2003 ACM workshop on Formal methods in security engineering

Distributed Multi-layered Network Management for NEC Using Multi-Agent Systems

Agents and Peer-to-Peer Computing
Runtime verification using policy-based approach to control information flow

International Journal of Security and Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

Ensuring the confidentiality, integrity and availability of information is the key issue in the battle for information superiority and thus is a decisive factor in modern warfare. Security policies and security mechanisms govern the access to information and other resources. Their correct specification, i.e. denial of potentially dangerous access and adherence to all established need-to-know requirements, is critical. In this paper we present a security model that allows to express dynamic access control policies that can change on time or events. A simple agent system, simulating a platoon, is used to show the need and the advantages of our policy model. The paper finally presents how existing tool-support can be used for the analysis and verification of policies.