Modeling insecurity: policy engineering for survivability

  • Authors: Prasad Naldurg; Roy H. Campbell
  • Affiliations: University of Illinois at Urbana-Champaign, IL; University of Illinois at Urbana-Champaign, IL
  • Venue: Proceedings of the 2003 ACM workshop on Survivable and self-regenerative systems: in association with 10th ACM Conference on Computer and Communications Security
  • Year: 2003

Abstract

We present an access-control policy specification and verification process that is well-suited to model survivability of information resources under threat of compromise. Our process differs from the traditional policy engineering methodology in many ways. First, we contend that traditional safety-property modeling cannot provide any guarantees when the policy enforcement mechanisms are compromised. Therefore, we extend traditional access control specifications by modeling insecure states and transitions explicitly, to describe possible system behavior after compromise. Next, we observe that it may not always be possible to recover from an insecure state, and both compromise and recovery impact the availability of information. Based on these observations, we refine traditional information security properties as liveness assertions and explicitly add recovery actions to our specifications, to guarantee resources are available to legitimate users infinitely often, in spite of malicious attacks or inadvertent compromise. We explain our process using an example behavioral specification and show how we can define different measures of availability and verify them using standard model-checking techniques within this framework.
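The abstract describes three ideas: insecure states and transitions are modeled explicitly rather than forbidden, recovery is an explicit action, and availability is checked as a liveness property ("available infinitely often") instead of a safety invariant. The following is an added illustration of that style of specification, not code from the paper or from any model checker it used; the resource states (`secure`, `compromised`, `recovering`), the actions, and the two availability measures are constructed for this example. It builds a small transition system with and without recovery, asks which reachable insecure states are unrecoverable, and searches for cycles on which the resource is never available, which are exactly the counterexamples to the liveness property GF available.

```python
"""Explicit-state check of availability as a liveness property.

Constructed example, not the paper's model or tool: one information
resource moves between three hypothetical states (`secure`, `compromised`,
`recovering`). Compromise and recovery are ordinary transitions, so the
model describes behaviour after the enforcement mechanism has failed, and
availability is checked as "available infinitely often" (LTL: GF available)
rather than as a safety invariant.
"""
from collections import defaultdict


def build_model(with_recovery):
    """Return (initial state, transitions, available states) for a toy resource.

    transitions[s] is a set of (action, successor) pairs. All state and
    action names are constructed for this example.
    """
    trans = defaultdict(set)
    trans["secure"] |= {("serve", "secure"), ("compromise", "compromised")}
    # Once compromised, the attacker may keep control indefinitely.
    trans["compromised"].add(("exploit", "compromised"))
    if with_recovery:
        # Explicit recovery actions: detection moves the resource into a
        # recovering state, restoration returns it to service.
        trans["compromised"].add(("detect", "recovering"))
        trans["recovering"].add(("restore", "secure"))
    available = {"secure"}
    return "secure", trans, available


def reachable(start, succ):
    """States reachable from `start` (inclusive) via successor function `succ`."""
    seen, stack = {start}, [start]
    while stack:
        for t in succ(stack.pop()):
            if t not in seen:
                seen.add(t)
                stack.append(t)
    return seen


def unrecoverable_states(init, trans, available):
    """Measure 1: reachable unavailable states from which no available state
    can ever be reached again (recovery is impossible, not merely delayed)."""
    succ = lambda s: {t for _, t in trans[s]}
    return {s for s in reachable(init, succ) - available
            if not (reachable(s, succ) & available)}


def starvation_components(init, trans, available, fair_actions=()):
    """Measure 2: counterexamples to GF available, i.e. reachable strongly
    connected components that contain a cycle and avoid every available state.
    Actions in `fair_actions` are weakly fair: a component on which such an
    action is enabled at every state but never taken inside the component
    cannot be followed forever by a fair run and is discarded."""
    succ_all = lambda s: {t for _, t in trans[s]}
    bad = reachable(init, succ_all) - available
    succ = lambda s: {t for _, t in trans[s] if t in bad}  # stay unavailable
    seen, result = set(), []
    for s in sorted(bad):
        if s in seen:
            continue
        fwd = reachable(s, succ)
        comp = frozenset(t for t in fwd if s in reachable(t, succ))  # SCC of s
        seen |= comp
        has_cycle = any(t in comp for u in comp for t in succ(u))
        if has_cycle and _fair_run_exists(comp, trans, fair_actions):
            result.append(comp)
    return result


def _fair_run_exists(comp, trans, fair_actions):
    """True if an infinite run can stay inside `comp` without violating weak
    fairness for any of `fair_actions`."""
    for a in fair_actions:
        enabled_everywhere = all(any(act == a for act, _ in trans[u]) for u in comp)
        taken_inside = any(act == a and t in comp
                           for u in comp for act, t in trans[u])
        if enabled_everywhere and not taken_inside:
            return False  # fairness forces the run to leave comp eventually
    return True


if __name__ == "__main__":
    for with_recovery in (False, True):
        init, trans, avail = build_model(with_recovery)
        print("recovery modeled:", with_recovery)
        print("  unrecoverable states:", unrecoverable_states(init, trans, avail))
        print("  GF available violated by:", starvation_components(init, trans, avail))
        print("  ... assuming fair detection:",
              starvation_components(init, trans, avail, fair_actions=("detect",)))
```

Two points the abstract makes show up directly. Without the recovery transitions, `compromised` is unrecoverable and its self-loop is a genuine counterexample to availability, so no safety-style invariant over the secure states would have said anything about it. With recovery added, the self-loop is still a cycle that never visits an available state; the liveness property only holds once the recovery action is assumed weakly fair, which is the kind of assumption a model checker must be told explicitly when recovery is an added action rather than a guaranteed event.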