Security policy enforcement through refinement process

Authors:
Nicolas Stouls;Marie-Laure Potet
Affiliations:
Laboratoire Logiciels Systèmes Réseaux – LSR-IMAG, Grenoble, France;Laboratoire Logiciels Systèmes Réseaux – LSR-IMAG, Grenoble, France
Venue:
B'07 Proceedings of the 7th international conference on Formal Specification and Development in B
Year:
2007

Citing 11
Cited 4

The temporal logic of actions

ACM Transactions on Programming Languages and Systems (TOPLAS)
Role-Based Access Control Models

Computer
Data Security

ACM Computing Surveys (CSUR)
Access Control: Policies, Models, and Mechanisms

FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
Météor: A Successful Application of B in a Large Project

FM '99 Proceedings of the Wold Congress on Formal Methods in the Development of Computing Systems-Volume I - Volume I
Organization based access control

POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Authorization in Distributed Systems: A Formal Approach

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
A Logical Language for Expressing Authorizations

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Firmato: A novel firewall management toolkit

ACM Transactions on Computer Systems (TOCS)
TGV: theory, principles and algorithms: A tool for the automatic synthesis of conformance test cases for non-deterministic reactive systems

International Journal on Software Tools for Technology Transfer (STTT) - Special section on high-level test of complex systems
Firewall conformance testing

TestCom'05 Proceedings of the 17th IFIP TC6/WG 6.1 international conference on Testing of Communicating Systems

A Verifiable Conformance Relationship between Smart Card Applets and B Security Models

ABZ '08 Proceedings of the 1st international conference on Abstract State Machines, B and Z
Idea: Action Refinement for Security Properties Enforcement

ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Preserving security properties under refinement

Proceedings of the 7th International Workshop on Software Engineering for Secure Systems
Development of secured systems by mixing programs, specifications and proofs in an object-oriented programming environment: a case study within the FoCaLiZe environment

Proceedings of the 7th Workshop on Programming Languages and Analysis for Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

In the area of networks, a common method to enforce a security policy expressed in a high-level language is based on an ad-hoc and manual rewriting process [24]. We argue that it is possible to build a formal link between concrete and abstract terms, which can be dynamically computed from the environment data. In order to progressively introduce configuration data and then simplify the proof obligations, we use the B refinement process. We present a case study modeling a network monitor. This program, described by refinement following the layers of the TCP/IP suite protocol, has to warn for all observed events which do not respect the security policy. To design this model, we use the event-B method because it is suitable for modeling network concepts. This work has been done within the framework of the POTESTAT project [9], based on the research of network testing methods from a high-level security policy.