DocumentCode
3382630
Title
Nomad: a security model with non atomic actions and deadlines
Author
Cuppens, Frédéric ; Cuppens-Boulahia, Nora ; Sans, Thierry
Author_Institution
GET/ENST-Bretagne, Cesson Sevigne, France
fYear
2005
fDate
20-22 June 2005
Firstpage
186
Lastpage
196
Abstract
Modelling security policies requires means to specify permissions and prohibitions. However, this is generally not sufficient to express security properties such as availability and obligations must be also considered. By contrast to permissions and prohibitions, obligations are often associated with deadlines to specify bounded time availability requirements. In this case, a violation only occurs if the obliged action is not performed before the deadline. On the other hand, when specifying high level security policies, it is convenient to consider abstract non atomic actions. Since most access control mechanisms only deal with atomic actions such as read or write, these non atomic actions must be decomposed into more basic ones. In this paper, we define a formal security model called Nomad to express privileges on non atomic actions. This model combines deontic and temporal logics. In Nomad, we model conditional privileges and obligations with deadlines. We also formally analyze how privileges on non atomic actions can be decomposed into more basic privileges on elementary actions.
Keywords
security of data; temporal logic; Nomad; deontic logic; formal security model; nonatomic actions; nonatomic deadlines; security policies; temporal logic; Access control; Authorization; Availability; Concrete; Data security; Database systems; History; Logic; Operating systems; Permission;
fLanguage
English
Publisher
ieee
Conference_Titel
Computer Security Foundations, 2005. CSFW-18 2005. 18th IEEE Workshop
ISSN
1063-6900
Print_ISBN
0-7695-2340-4
Type
conf
DOI
10.1109/CSFW.2005.20
Filename
1443206
Link To Document