{"title":"不安全性建模:可生存性的策略工程","authors":"P. Naldurg, R. Campbell","doi":"10.1145/1036921.1036931","DOIUrl":null,"url":null,"abstract":"We present an access-control policy specification and verification process that is well-suited to model survivability of information resources under threat of compromise. Our process differs from the traditional policy engineering methodology in many ways. First, we contend that traditional safety-property modeling cannot provide any guarantees when the policy enforcement mechanisms are compromised. Therefore, we extend traditional access control specifications by modeling insecure states and transitions explicitly, to describe possible system behavior after compromise.\n Next, we observe that it may not always possible to recover from an insecure state, and both compromise and recovery impact the availability of information. Based on these observations, we refine traditional information security properties as liveness assertions and explicitly add recovery actions to our specifications, to guarantee resources are available to legitimate users infinitely often, in spite of malicious attacks or inadvertent compromise. We explain our process using an example behavioral specification and show how we can define different measures of availability and verify them using standard model-checking techniques within this framework.","PeriodicalId":414343,"journal":{"name":"SSRS '03","volume":"52 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2003-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Modeling insecurity: policy engineering for survivability\",\"authors\":\"P. Naldurg, R. Campbell\",\"doi\":\"10.1145/1036921.1036931\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We present an access-control policy specification and verification process that is well-suited to model survivability of information resources under threat of compromise. Our process differs from the traditional policy engineering methodology in many ways. First, we contend that traditional safety-property modeling cannot provide any guarantees when the policy enforcement mechanisms are compromised. Therefore, we extend traditional access control specifications by modeling insecure states and transitions explicitly, to describe possible system behavior after compromise.\\n Next, we observe that it may not always possible to recover from an insecure state, and both compromise and recovery impact the availability of information. Based on these observations, we refine traditional information security properties as liveness assertions and explicitly add recovery actions to our specifications, to guarantee resources are available to legitimate users infinitely often, in spite of malicious attacks or inadvertent compromise. We explain our process using an example behavioral specification and show how we can define different measures of availability and verify them using standard model-checking techniques within this framework.\",\"PeriodicalId\":414343,\"journal\":{\"name\":\"SSRS '03\",\"volume\":\"52 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2003-10-31\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"SSRS '03\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/1036921.1036931\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"SSRS '03","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1036921.1036931","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Modeling insecurity: policy engineering for survivability
We present an access-control policy specification and verification process that is well-suited to model survivability of information resources under threat of compromise. Our process differs from the traditional policy engineering methodology in many ways. First, we contend that traditional safety-property modeling cannot provide any guarantees when the policy enforcement mechanisms are compromised. Therefore, we extend traditional access control specifications by modeling insecure states and transitions explicitly, to describe possible system behavior after compromise.
Next, we observe that it may not always possible to recover from an insecure state, and both compromise and recovery impact the availability of information. Based on these observations, we refine traditional information security properties as liveness assertions and explicitly add recovery actions to our specifications, to guarantee resources are available to legitimate users infinitely often, in spite of malicious attacks or inadvertent compromise. We explain our process using an example behavioral specification and show how we can define different measures of availability and verify them using standard model-checking techniques within this framework.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
