DocumentCode :
3334181
Title :
Using Policy Enforcement Graphs in a Separation-Based High Assurance Architecture
Author :
Wahsheh, Luay A. ; Alves-Foss, Jim
Author_Institution :
Idaho Univ., Moscow
fYear :
2007
fDate :
13-15 Aug. 2007
Firstpage :
183
Lastpage :
189
Abstract :
As computer systems become more widely used, managing their security becomes more complex. One fundamental key to effective enforcement of security standards is support for security policies. We present a novel graph-based approach to the specification of security policies and to the verification of designs that enforce those policies. This methodology provides system security managers with a procedural engineering approach that ensures security policy enforcement is addressed while the high-level system design is refined down to a low-level implementation. We present an inter-enclave multi-policy paradigm that uses Policy Enforcement Graphs for information access under the Multiple Independent Levels of Security and Safety (MILS) approach to high assurance system design for security- and safety-critical multi-enclave systems. Our methodology is structured and allows for policy evolution and development.
Keywords :
formal specification; formal verification; graph theory; security of data; computer systems; information access; inter-enclave multi policy paradigm; multiple independent levels of security and safety; policy enforcement graphs; procedural engineering approach; security policy specification; security/safety-critical multienclave system; separation-based high assurance architecture design; system security managers; Access control; Authentication; Availability; Communication system security; Computer security; Data security; Guidelines; Information security; Multilevel systems; Safety;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Information Reuse and Integration, 2007. IRI 2007. IEEE International Conference on
Conference_Location :
Las Vegas, IL
Print_ISBN :
1-4244-1500-4
Electronic_ISBN :
1-4244-1500-4
Type :
conf
DOI :
10.1109/IRI.2007.4296618
Filename :
4296618