{"title":"自动验证STRAC策略","authors":"Yunchuan Guo, Lihua Yin, Li Chao","doi":"10.1109/INFCOMW.2014.6849195","DOIUrl":null,"url":null,"abstract":"In the IoT (Internet of Things), inconsistent ACP (Access Control Policies) would cause disastrous consequences, for example, fire disasters and failures of cardiac pacemakers, as a result, ACP should be verified before they are applied. Tediousness and error-proneness of manual verifications make automatic and formal verification necessary. In this paper, timed automata is presented to formally model the STRAC (Spatio-Temporal Access Control based on Reputation, one policy for the IoT) policies and CTL (Computation Tree Logic) is adopted to describe the properties that should be satisfied by these policies. Then model checker UPPAAL is proposed to automatically verify whether STRAC policies conform to security properties. Experiment results show that our approach is effective.","PeriodicalId":6468,"journal":{"name":"2014 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)","volume":"125 1","pages":"141-142"},"PeriodicalIF":0.0000,"publicationDate":"2014-07-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Automatically verifying STRAC policy\",\"authors\":\"Yunchuan Guo, Lihua Yin, Li Chao\",\"doi\":\"10.1109/INFCOMW.2014.6849195\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In the IoT (Internet of Things), inconsistent ACP (Access Control Policies) would cause disastrous consequences, for example, fire disasters and failures of cardiac pacemakers, as a result, ACP should be verified before they are applied. Tediousness and error-proneness of manual verifications make automatic and formal verification necessary. In this paper, timed automata is presented to formally model the STRAC (Spatio-Temporal Access Control based on Reputation, one policy for the IoT) policies and CTL (Computation Tree Logic) is adopted to describe the properties that should be satisfied by these policies. Then model checker UPPAAL is proposed to automatically verify whether STRAC policies conform to security properties. Experiment results show that our approach is effective.\",\"PeriodicalId\":6468,\"journal\":{\"name\":\"2014 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)\",\"volume\":\"125 1\",\"pages\":\"141-142\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-07-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/INFCOMW.2014.6849195\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INFCOMW.2014.6849195","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
摘要
在物联网中,不一致的ACP (Access Control policy)会导致灾难性的后果,例如火灾、心脏起搏器故障等,因此在应用ACP之前需要进行验证。手动验证的繁琐和易出错使得自动和正式的验证成为必要。本文提出了时间自动机对STRAC(基于信誉的时空访问控制,物联网的一个策略)策略进行形式化建模,并采用CTL(计算树逻辑)来描述这些策略应满足的属性。然后提出模型检查器UPPAAL来自动验证STRAC策略是否符合安全属性。实验结果表明,该方法是有效的。
In the IoT (Internet of Things), inconsistent ACP (Access Control Policies) would cause disastrous consequences, for example, fire disasters and failures of cardiac pacemakers, as a result, ACP should be verified before they are applied. Tediousness and error-proneness of manual verifications make automatic and formal verification necessary. In this paper, timed automata is presented to formally model the STRAC (Spatio-Temporal Access Control based on Reputation, one policy for the IoT) policies and CTL (Computation Tree Logic) is adopted to describe the properties that should be satisfied by these policies. Then model checker UPPAAL is proposed to automatically verify whether STRAC policies conform to security properties. Experiment results show that our approach is effective.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
