Title :
Policy Composition Based on Petri Nets
Author :
Huang, Hejiao ; Kirchner, Hélène
Author_Institution :
Harbin Inst. of Technol., Harbin, China
Abstract :
Security policies are one of the most fundamental elements of computer security. For secure interoperation and sharing resources among heterogeneous systems, local policies should correspondingly be integrated for designing a global policy. This paper addresses the problem in a formal way. It uses extended Petri net process to specify and verify security policies in a modular way. It defines four types of policy compositions such that the integrated policy is capable of handling resources sharing, simultaneously executing operations and embedding sub-policies into main policies in multiple heterogeneous systems. Furthermore, the global policy can preserve the fundamental policy properties, i.e.,completeness, termination, consistency and confluence, and satisfy policy autonomy and security principles that are required for secure interoperation.
Keywords :
Petri nets; distributed processing; formal specification; formal verification; open systems; resource allocation; security of data; completeness property; computer security policy composition; confluence property; consistency property; distributed resource sharing; extended Petri net process; global security policy; local security policy; modular specification; modular verification; multiple heterogeneous system; secure interoperation; termination property; Application software; Computer applications; Computer security; Formal specifications; Hardware; Information security; Interference; Pervasive computing; Petri nets; Software systems; Petri nets; policy composition;
Conference_Titel :
Computer Software and Applications Conference, 2009. COMPSAC '09. 33rd Annual IEEE International
Conference_Location :
Seattle, WA
Print_ISBN :
978-0-7695-3726-9
DOI :
10.1109/COMPSAC.2009.169
