  • DocumentCode
    660822
  • Title
    Security Policy Refinement: High-Level Specification to Low-Level Implementation
  • Author
    Xia Yang; Alves-Foss, Jim
  • Author_Institution
    Sch. of Comput. Sci. & Eng., Univ. of Electron. Sci. & Technol. of China, Chengdu, China
  • fYear
    2013
  • fDate
    8-14 Sept. 2013
  • Firstpage
    502
  • Lastpage
    511
  • Abstract
    Security and privacy policies are stated in the context of abstract concepts such as users/roles, objects and actions that relate to a specific level of abstraction in the system design. Refinement of the abstract design down to lower level implementations can result in a disconnect between the implementation and the more abstract security policy. In this paper we introduce the concept of security policy refinement for access control policies that allows us to maintain a tighter coupling between the security policy and its implementation. We use a purpose-based privacy policy as an example to explain the concepts. The resulting refinement technique provides for improved verification and validation that the system, as implemented, satisfies the abstract security policy, and sets the stage for further research in this area.
  • Keywords
    authorisation; formal specification; formal verification; abstract design; access control policy; high-level specification; purpose-based privacy policy; security policy refinement; Abstracts; Access control; Data privacy; Electronic mail; Hardware; Privacy; purpose-based security; refinement; security policy;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Social Computing (SocialCom), 2013 International Conference on
  • Conference_Location
    Alexandria, VA
  • Type
    conf
  • DOI
    10.1109/SocialCom.2013.77
  • Filename
    6693374