On Properties of Policy-Based Specifications

Andrea Margheri, R. Pugliese, F. Tiezzi
DOI: 10.4204/EPTCS.188.5 (https://doi.org/10.4204/EPTCS.188.5)
Venue: International Workshop on Automated Specification and Verification of Web Sites
Published: 2015-08-17
Citations: 4

Abstract

The advent of large-scale, complex computing systems has dramatically increased the difficulty of securing access to systems' resources. To ensure confidentiality and integrity, the use of access control mechanisms has thus become a crucial issue in the design of modern computing systems. Among the different access control approaches proposed in recent decades, the policy-based one makes it possible to capture, by resorting to the concept of attribute, all systems' security-relevant information while being, at the same time, sufficiently flexible and expressive to represent the other approaches. In this paper, we move a step further in understanding the effectiveness of policy-based specifications by studying how they make it possible to enforce traditional security properties. To support system designers in developing and maintaining policy-based specifications, we also formalise some relevant properties regarding the structure of policies. By means of a case study from the banking domain, we present real instances of such properties and outline an approach towards their automated verification.