Model-Driven security policy deployment: property oriented approach

Authors:
Stere Preda;Nora Cuppens-Boulahia;Frédéric Cuppens;Joaquin Garcia-Alfaro;Laurent Toutain
Affiliations:
IT TELECOM Bretagne CS 17607, 35576 Cesson-Sévigné, France;IT TELECOM Bretagne CS 17607, 35576 Cesson-Sévigné, France;IT TELECOM Bretagne CS 17607, 35576 Cesson-Sévigné, France;IT TELECOM Bretagne CS 17607, 35576 Cesson-Sévigné, France;IT TELECOM Bretagne CS 17607, 35576 Cesson-Sévigné, France
Venue:
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Year:
2010

Citing 15
Cited 2

Role-Based Access Control Models

Computer
The B-book: assigning programs to meanings

The B-book: assigning programs to meanings
The Ponder Policy Specification Language

POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
IPSec/VPN Security Policy: Correctness, Conflict Detection, and Resolution

POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Organization based access control

POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Rewriting of imperative programs into logical equations

Science of Computer Programming
Implementation of a Formal Security Policy Refinement Process in WBEM Architecture

Journal of Network and Systems Management
High Level Conflict Management Strategies in Advanced Access Control Models

Electronic Notes in Theoretical Computer Science (ENTCS)
Formal correctness of conflict detection for firewalls

Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Complete analysis of configuration rules to guarantee reliable network security policies

International Journal of Information Security
Model-based security analysis for mobile communications

Proceedings of the 30th international conference on Software engineering
Semantic context aware security policy deployment

Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Formal derivation of spanning trees algorithms

ZB'03 Proceedings of the 3rd international conference on Formal specification and development in Z and B
Secure Systems Development with UML

Secure Systems Development with UML
Integration of security policy into system modeling

B'07 Proceedings of the 7th international conference on Formal Specification and Development in B

MIRAGE: a management tool for the analysis and deployment of network security policies

DPM'10/SETOP'10 Proceedings of the 5th international Workshop on data privacy management, and 3rd international conference on Autonomous spontaneous security
Combining UML, ASTD and B for the formal specification of an access control filter

Innovations in Systems and Software Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

We address the issue of formally validating the deployment of access control security policies. We show how the use of a formal expression of the security requirements, related to a given system, ensures the deployment of an anomaly free abstract security policy. We also describe how to develop appropriate algorithms by using a theorem proving approach with a modeling language allowing the specification of the system, of the link between the system and the policy, and of certain target security properties. The result is a set of proved algorithms that constitute the certified technique for a reliable security policy deployment.