Hybrid Multi-module Security Policy Verification

Author

Kotenko, Igor ; Chervatuk, Olga ; Sidelnikova, Ekaterina ; Tishkov, Artem

Author_Institution

St. Petersburg Inst. for Informatics & Autom., St. Petersburg

fYear

2007

fDate

13-15 June 2007

Firstpage

277

Lastpage

277

Abstract

To build a powerful and flexible security policy verification tool, it is very important to use the approach which allows covering all possible inconsistencies, has open (extendable) architecture and efficient verification implementation. We suggest using a family of different verification modules each of which can work with acceptable computational complexity for the particular types of conflicts, the system scale and the policy complication. The poster describes a common approach to security policy verification and presents a novel hybrid multi-module security checker (SEC) software tool that can serve as a security policy debugger for various categories of security policy, including authentication, authorization, filtering, channel protection and operational rules.

Keywords

authorisation; computational complexity; filtering theory; formal verification; message authentication; program debugging; software architecture; software tools; authentication; authorization; channel protection; computational complexity; extendable architecture; filtering; multimodule security policy verification; open architecture; operational rules; security policy debugger; software tool; Authentication; Authorization; Automation; Computational complexity; Computer architecture; Data security; Filtering; Informatics; Information security; Software tools;

fLanguage

English

Publisher

ieee

Conference_Titel

Policies for Distributed Systems and Networks, 2007. POLICY '07. Eighth IEEE International Workshop on

Conference_Location

Bologna

Print_ISBN

0-7695-2767-1

Type

conf

DOI

10.1109/POLICY.2007.25

Filename

4262603