Specifying dynamic and deontic integrity constraints
Data & Knowledge Engineering
Solving normative conflicts by merging roles
ICAIL '95 Proceedings of the 5th international conference on Artificial intelligence and law
How responsibility modelling leads to security requirements
NSPW '92-93 Proceedings on the 1992-1993 workshop on New security paradigms
A Logical Analysis of Authorized and Prohibited Information Flows
SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
Towards a logical formalization of responsibility
Proceedings of the 6th international conference on Artificial intelligence and law
Interactive simulation of security policies
Proceedings of the 2002 ACM symposium on Applied computing
A Comparative Study of Policy Specification Languages for Secure Distributed Applications
DSOM '02 Proceedings of the 13th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management: Management Technologies for E-Commerce and E-Business Applications
Providing Fine-grained Access Control for Java Programs
ECOOP '99 Proceedings of the 13th European Conference on Object-Oriented Programming
Enforcing Obligation with Security Monitors
ICICS '01 Proceedings of the Third International Conference on Information and Communications Security
A Policy Language for the Management of Distributed Agents
AOSE '01 Revised Papers and Invited Contributions from the Second International Workshop on Agent-Oriented Software Engineering II
Combining logics for modelling security policies
ACSC '05 Proceedings of the Twenty-eighth Australasian conference on Computer Science - Volume 38
Model checking of location and mobility related security policy specifications in ambient calculus
MMM-ACNS'10 Proceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security
Specifying and verifying organizational security properties in first-order logic
Verification, induction termination analysis
A formal policy specification language for an 802.11 WLAN with enhanced security network
ISCIS'05 Proceedings of the 20th international conference on Computer and Information Sciences
Consistency policies for dynamic information systems with declassification flows
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Heuristic safety analysis of access control models
Proceedings of the 18th ACM symposium on Access control models and technologies
The objective of this paper is to assist security administrators in their attempt to specify, define and formalize security policies suited to a given high-risk environment. It is then possible for the administrators to automatically derive consequences of these policies. In particular, we want to provide users with the following functionalities: query a given security policy; verify that properties such as consistency and completeness are enforced by a given policy; verify that a given situation does not violate the security policy; investigate interoperability problems between several security policies. In this paper we focus more precisely on the problem of security policy formalization. We want a generic approach that is as domain-independent as possible. To achieve the above goals, we have chosen a logic-based approach. It combines a deontic logic, to model the concepts of permission, obligation and prohibition, with a modal logic of action. It also includes the possibility to deal with additional concepts such as role, responsibility and delegation. We illustrate this approach through a case study: a regulation whose purpose is to define means to protect secret data related to the National Defense.