ReAlSec: A Relational Language for Advanced Security Engineering

With the increasing sophistication of attack techniques and scenarios, appropriate automated decision-making systems should be developed. This paper defines a new security language allowing to cope with attack scenarios through the representation of both attacks and security solutions in a single syntactic framework. A subsequent semantic analysis has also been introduced. To implement this reasoning, we introduce a security compiler-like architecture that comes up with substantial novelties with regard to traditional compilers (used in software engineering). The most important innovations are the computation of abstract attack/counter measure specifications and the resolution of the fundamental security equation (FSE). Unlike existing compilation schemes, our approach aims at building a relational specification of the attack through a traversal of its semantic tree. The security solution(s) corresponding the attack of interest is (are) then found by solving the FSE, in the relational algebra of attacks and decisions. Concrete examples have been analyzed in order to highlight the potential of the proposed relational algebra-based security language, called ReAlSec.