Title :
Security Policy Refinement: High-Level Specification to Low-Level Implementation
Author :
Xia Yang ; Alves-Foss, Jim
Author_Institution :
Sch. of Comput. Sci. & Eng., Univ. of Electron. Sci. & Technol. of China, Chengdu, China
Abstract :
Security and privacy policies are stated in terms of abstract concepts such as users/roles, objects and actions that belong to a specific level of abstraction in the system design. Refining the abstract design down to lower-level implementations can result in a disconnect between the implementation and the more abstract security policy. In this paper, we introduce the concept of security policy refinement for access control policies, which allows us to maintain a tighter coupling between the security policy and its implementation. We use a purpose-based privacy policy as an example to explain the concepts. The resulting refinement technique provides for improved verification and validation that the system, as implemented, satisfies the abstract security policy, and sets the stage for further research in this area.
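The following is an added illustration of the refinement problem the abstract describes; it is not code from the paper and does not reproduce the authors' technique. It assumes a hypothetical purpose-based policy over abstract roles, actions, objects and purposes, a hypothetical lower-level implementation over concrete users, SQL operations and service endpoints, and abstraction maps between the two. The refinement obligation checked is the natural one: every concrete grant must lift, through the abstraction maps, to an abstract permission. All names, tables, endpoints and the deliberately planted defect are constructed for the example.

```python
from itertools import product

# Added illustration (not from the paper): a purpose-based access-control policy
# stated over abstract roles/actions/objects/purposes, a lower-level implementation
# stated over concrete users/SQL operations/endpoints, and a refinement check that
# every concrete grant maps to an abstract permission. All names are hypothetical.

# --- High-level policy: (role, abstract action, abstract object, purpose) ---
HIGH_LEVEL_POLICY = {
    ("doctor",     "read",   "medical_record", "treatment"),
    ("doctor",     "update", "medical_record", "treatment"),
    ("billing",    "read",   "medical_record", "billing"),
    ("researcher", "read",   "medical_record", "research"),
}

def high_level_allows(role, action, obj, purpose):
    return (role, action, obj, purpose) in HIGH_LEVEL_POLICY

# --- Abstraction maps: how each concrete element refines an abstract one ---
USER_ROLE = {"alice": "doctor", "bob": "billing", "carol": "researcher"}
OPERATION_ABSTRACTION = {
    ("SELECT", "patient_records"):      ("read",   "medical_record"),
    ("UPDATE", "patient_records"):      ("update", "medical_record"),
    ("SELECT", "patient_records_anon"): ("read",   "medical_record"),  # de-identified view of the same record
}
ENDPOINT_PURPOSE = {
    "/ehr/chart":       "treatment",
    "/billing/claims":  "billing",
    "/research/export": "research",
}

# --- Low-level implementation: concrete grants (user, SQL verb, table, endpoint) ---
LOW_LEVEL_GRANTS = {
    ("alice", "SELECT", "patient_records",      "/ehr/chart"),
    ("alice", "UPDATE", "patient_records",      "/ehr/chart"),
    ("bob",   "SELECT", "patient_records",      "/billing/claims"),
    ("bob",   "UPDATE", "patient_records",      "/billing/claims"),   # constructed defect: DB role was granted UPDATE as well
    ("carol", "SELECT", "patient_records_anon", "/research/export"),
}

def low_level_allows(user, verb, table, endpoint):
    return (user, verb, table, endpoint) in LOW_LEVEL_GRANTS

def abstract(user, verb, table, endpoint):
    """Lift a concrete request to the abstract vocabulary via the abstraction maps."""
    action, obj = OPERATION_ABSTRACTION[(verb, table)]
    return USER_ROLE[user], action, obj, ENDPOINT_PURPOSE[endpoint]

def check_refinement():
    """Refinement obligation: for every concrete request r, low(r) implies high(abstract(r)).

    Returns (violations, over_restrictions). A violation is a concrete grant with no
    abstract permission behind it; it breaks refinement. An over-restriction is an
    abstract permission the implementation never grants; refinement still holds (the
    implementation may be stricter), but it is reported so a reviewer can confirm
    the restriction is intentional rather than a missing feature.
    """
    violations, over_restrictions = [], []
    for user, (verb, table), endpoint in product(USER_ROLE, OPERATION_ABSTRACTION, ENDPOINT_PURPOSE):
        request = (user, verb, table, endpoint)
        low = low_level_allows(*request)
        high = high_level_allows(*abstract(*request))
        if low and not high:
            violations.append(request)
        elif high and not low:
            over_restrictions.append(request)
    return violations, over_restrictions

if __name__ == "__main__":
    bad, strict = check_refinement()
    for r in bad:
        print("REFINEMENT VIOLATION:", r, "->", abstract(*r))
    for r in strict:
        print("stricter than policy (acceptable):", r, "->", abstract(*r))
```

Run stand-alone, the check flags exactly one violation: the constructed grant that lets the billing user UPDATE patient records, which lifts to (billing, update, medical_record, billing) and has no counterpart in the abstract policy. The three over-restrictions (for example the researcher never being granted the raw table, only the de-identified view) are the safe direction of refinement. The point of keeping the abstraction maps explicit is that the check is exhaustive over the finite concrete domains, so a grant added during implementation cannot silently widen the abstract policy.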
Keywords :
authorisation; formal specification; formal verification; abstract design; access control policy; high-level specification; purpose-based privacy policy; security policy refinement; Abstracts; Access control; Data privacy; Electronic mail; Hardware; Privacy; purpose-based security; refinement; security policy;
Conference_Title :
Social Computing (SocialCom), 2013 International Conference on
Conference_Location :
Alexandria, VA
DOI :
10.1109/SocialCom.2013.77