Refinement-based design of a group-centric secure information sharing model

Authors:
Wanying Zhao;Jianwei Niu;William H. Winsborough
Affiliations:
The University of Texas at San Antonio, San Antonio, TX, USA;The University of Texas at San Antonio, San Antonio, TX, USA;The University of Texas at San Antonio, San Antonio, TX, USA
Venue:
Proceedings of the second ACM conference on Data and Application Security and Privacy
Year:
2012

Citing 11
Cited 0

Model checking and abstraction

ACM Transactions on Programming Languages and Systems (TOPLAS)
A First Step Towards Formal Verification of Security Policy Properties for RBAC

QSIC '04 Proceedings of the Quality Software, Fourth International Conference
Privacy and Contextual Integrity: Framework and Applications

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
A model-checking approach to analysing organisational controls in a loan origination process

Proceedings of the eleventh ACM symposium on Access control models and technologies
Synthesising verified access control systems through model checking

Journal of Computer Security
Towards Formal Verification of Role-Based Access Control Policies

IEEE Transactions on Dependable and Secure Computing
Foundations for group-centric secure information sharing models

Proceedings of the 14th ACM symposium on Access control models and technologies
Developing security protocols by refinement

Proceedings of the 17th ACM conference on Computer and communications security
Group-Centric Secure Information-Sharing Models for Isolated Groups

ACM Transactions on Information and System Security (TISSEC)
Preserving secrecy under refinement

ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
Model checking and abstraction to the aid of parameterized systems (a survey)

Computer Languages, Systems and Structures

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents a formal, state machine-based specification (stateful specification) of a group-centric secure information sharing (g-SIS) model. The stateful specification given here is a refinement of a prior specification that is given in first-order linear temporal logic (FOTL). Such FOTL specification defines authorization based solely on group operations, but gives little guidance regarding implementation. The current specification is the result of a second step in a multi-step design process that separates concerns and provides multiple opportunities to detect unintended policy characteristics. We show that our stateful specification is consistent with the prior FOTL specification by using a combination of model-checking and manual techniques.