Automata-based approach to design and analyze security policies

Author

Krombi, Wadie ; Erradi, M. ; Khoumsi, Ahmed

Author_Institution

ENSIAS, Mohammed V-Souissi Univ., Rabat, Morocco

fYear

2014

fDate

23-24 July 2014

Firstpage

306

Lastpage

313

Abstract

Information systems must be controlled by security policies to protect them from undue accesses. Security policies are often designed by rules expressed using informal text, which implies ambiguities and inconsistencies in security rules. Our objective in this paper is to develop a formal approach to design and analyze security policies. We propose a procedure that synthesizes an automaton which implements a given security policy. Our automata-based approach can be a common basis to analyze several aspects of security policies. We use our automata-based approach to develop three analysis procedures to: verify completeness of a security policy, detect anomalies in a security policy, and detect functional discrepancies between several implementations of a security policy. We illustrate our approach using examples of security policies for a firewall.

Keywords

automata theory; data protection; firewalls; information systems; anomaly detection; automata synthesis; automata-based approach; firewall security policies; formal approach; functional discrepancy detection; information system protection; security policy analysis; security policy completeness verification; security policy design; Automata; Boolean functions; Data structures; Educational institutions; Firewalls (computing); Protocols;

fLanguage

English

Publisher

ieee

Conference_Titel

Privacy, Security and Trust (PST), 2014 Twelfth Annual International Conference on

Conference_Location

Toronto, ON

Print_ISBN

978-1-4799-3502-4

Type

conf

DOI

10.1109/PST.2014.6890953

Filename

6890953