使用软约束的完整性策略分析

Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks Pub Date : 2003-06-04 DOI:10.1109/POLICY.2003.1206959

Stefano Bistarelli, S. Foley

{"title":"使用软约束的完整性策略分析","authors":"Stefano Bistarelli, S. Foley","doi":"10.1109/POLICY.2003.1206959","DOIUrl":null,"url":null,"abstract":"An integrity policy defines the situations when modification of information is authorized and is enforced by the security mechanisms of the system. However, in a complex application system it is possible that an integrity policy may have been incorrectly specified and, as a result, a user may be authorized to modify information that can lead to an unexpected system compromise. We outline a scalable and quantitative technique that uses constraint solving to model and analyze the effectiveness of application system integrity policies.","PeriodicalId":391947,"journal":{"name":"Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2003-06-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":"{\"title\":\"Analysis of integrity policies using soft constraints\",\"authors\":\"Stefano Bistarelli, S. Foley\",\"doi\":\"10.1109/POLICY.2003.1206959\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"An integrity policy defines the situations when modification of information is authorized and is enforced by the security mechanisms of the system. However, in a complex application system it is possible that an integrity policy may have been incorrectly specified and, as a result, a user may be authorized to modify information that can lead to an unexpected system compromise. We outline a scalable and quantitative technique that uses constraint solving to model and analyze the effectiveness of application system integrity policies.\",\"PeriodicalId\":391947,\"journal\":{\"name\":\"Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2003-06-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"13\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/POLICY.2003.1206959\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/POLICY.2003.1206959","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 13

摘要

完整性策略定义了系统安全机制授权和强制修改信息的情况。然而，在复杂的应用程序系统中，完整性策略可能被错误地指定，因此，用户可能被授权修改可能导致意外系统危害的信息。我们概述了一种可扩展的定量技术，该技术使用约束求解来建模和分析应用程序系统完整性策略的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Analysis of integrity policies using soft constraints

An integrity policy defines the situations when modification of information is authorized and is enforced by the security mechanisms of the system. However, in a complex application system it is possible that an integrity policy may have been incorrectly specified and, as a result, a user may be authorized to modify information that can lead to an unexpected system compromise. We outline a scalable and quantitative technique that uses constraint solving to model and analyze the effectiveness of application system integrity policies.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks

自引率

0.00%

发文量