• DocumentCode
    1842682
  • Title

    Specifying a security policy: a case study

  • Author

    Cuppens, Frédéric ; Saurel, Claire

  • Author_Institution
    ONERA-CERT, Toulouse, France
  • fYear
    1996
  • fDate
    10-12 Jun 1996
  • Firstpage
    123
  • Lastpage
    134
  • Abstract
    The objective of this paper is to assist the security administrators, in their attempt to specify, define and formalize security policies suited to a given high risk environment. It is then possible for the administrators to automatically derive consequences of these policies. In particular we want to provide users with the following functionalities: query a given security policy; verify that properties such as consistency and completeness are enforced by a given policy; verify that a given situation does not violate the security policy; investigate interoperability problems between several security policies. In this paper we more precisely focus on the problem of security policies formulization. We want to get a generic approach, being as much domain-independent as possible. In order to achieve the above goals, we have chosen a logic-based approach. It combines a deontic logic to model the concept of permission, obligation and prohibition with a modal logic of action. It also includes the possibility to deal with additional concepts such as role, responsibility and delegation. We illustrate this approach through a case study: a regulation whose purpose is to define means to protect secret data related to the National Defense
  • Keywords
    formal logic; formal specification; security of data; completeness; consistency; deontic logic; high risk environment; interoperability problems; logic-based approach; security policy specification; Computer aided software engineering; Data mining; Data security; Information security; Logic; National security; Permission; Protection; Risk analysis; Standards organizations;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Foundations Workshop, 1996. Proceedings., 9th IEEE
  • Conference_Location
    Kenmare
  • ISSN
    1063-6900
  • Print_ISBN
    0-8186-7522-5
  • Type

    conf

  • DOI
    10.1109/CSFW.1996.503697
  • Filename
    503697