References

An automata theoretic decision procedure for the propositional mu-calculus. Information and Computation.
Operational and algebraic semantics of concurrent processes. Handbook of Theoretical Computer Science (vol. B).
ACM Transactions on Information and System Security (TISSEC).
POPL '77: Proceedings of the 4th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages.
Handbook of Process Algebra.
Analysis of security protocols as open systems. Theoretical Computer Science.
MFCS '00: Proceedings of the 25th International Symposium on Mathematical Foundations of Computer Science.
Model Checking and Fault Tolerance. AMAST '97: Proceedings of the 6th International Conference on Algebraic Methodology and Software Technology.
Synthesizing Monitors for Safety Properties. TACAS '02: Proceedings of the 8th International Conference on Tools and Algorithms for the Construction and Analysis of Systems.
Open Systems in Reactive Environments: Control and Synthesis. CONCUR '00: Proceedings of the 11th International Conference on Concurrency Theory.
Concurrency and Automata on Infinite Sequences. Proceedings of the 5th GI-Conference on Theoretical Computer Science.
Synthesizing Processes and Schedulers from Temporal Specifications. CAV '90: Proceedings of the 2nd International Workshop on Computer Aided Verification.
LICS '95: Proceedings of the 10th Annual IEEE Symposium on Logic in Computer Science.
Partial Model Checking and Theorem Proving for Ensuring Security Properties. CSFW '98: Proceedings of the 11th IEEE Workshop on Computer Security Foundations.
Games for synthesis of controllers with partial observation. Theoretical Computer Science (Logic and Complexity in Computer Science).
Enforcing Secure Service Composition. CSFW '05: Proceedings of the 18th IEEE Workshop on Computer Security Foundations.
Information flow security in dynamic contexts. Journal of Computer Security.
Through Modeling to Synthesis of Security Automata. Electronic Notes in Theoretical Computer Science (ENTCS).
Automated Synthesis of Enforcing Mechanisms for Security Properties in a Timed Setting. Electronic Notes in Theoretical Computer Science (ENTCS).
ConSpec -- A Formal Language for Policy Specification. Electronic Notes in Theoretical Computer Science (ENTCS).
Compositional analysis for verification of parameterized systems. TACAS '03: Proceedings of the 9th International Conference on Tools and Algorithms for the Construction and Analysis of Systems.
A tool for the synthesis of controller programs. FAST '06: Proceedings of the 4th International Conference on Formal Aspects in Security and Trust.
Checking risky events is enough for local policies. ICTCS '05: Proceedings of the 9th Italian Conference on Theoretical Computer Science.
Safety interfaces for component-based systems. SAFECOMP '05: Proceedings of the 24th International Conference on Computer Safety, Reliability, and Security.
Preserving security properties under refinement. Proceedings of the 7th International Workshop on Software Engineering for Secure Systems.
From qualitative to quantitative enforcement of security policy. MMM-ACNS '12: Proceedings of the 6th International Conference on Mathematical Methods, Models and Architectures for Computer Network Security.
A tool for the synthesis of cryptographic orchestrators. Proceedings of the Workshop on Model-Driven Security.
Abstract

This paper concerns the study, development and synthesis of mechanisms for guaranteeing the security of complex systems, i.e. systems composed of several interacting components. A complex system under analysis is described as an open system, i.e. a system in which an unspecified component (a component whose behaviour is not fixed in advance) interacts with the known part of the system. Within this formal approach, we propose techniques that aim at synthesizing controller programs able to guarantee that, for all possible behaviours of the unspecified component, the system works properly, e.g. that it satisfies a certain property. To perform this task, we first identify the set of necessary and sufficient conditions that the unspecified component has to satisfy in order for the whole system to be secure. Then, by exploiting satisfiability procedures for temporal logic, we automatically synthesize an appropriate controller program that forces the unspecified component to meet these conditions, which ensures the security of the whole system. In particular, we contribute to the area of enforcement of security properties by proposing a flexible and automated framework that goes beyond the definition of how a system should behave in order to work properly. Indeed, while the majority of the related work focuses on the definition of monitoring mechanisms, we also address the synthesis problem. Moreover, we describe a tool for the synthesis of secure systems that is able to generate appropriate controller programs. This tool is also able to translate the synthesized controller programs into the ConSpec language. ConSpec programs can actually be deployed to enforce security policies on mobile Java applications by using the run-time framework developed within the European Project S3MS. Copyright © 2010 John Wiley & Sons, Ltd. (This work is an expanded and revised version of [1–3].)