Verifying Security Policies Using Host Attributes

Authors

  • Cornelius Diekmann
  • Stephan-Alexander Posselt
  • Heiko Niedermayer
  • Holger Kinkelin
  • Oliver Hanka
  • Georg Carle
Abstract

For the formal verification of a network security policy, it is crucial to express the verification goals. These formal goals, called security invariants, should be easy to express for the end user. Focusing on access control and information flow security strategies, this work discovers and proves universal insights about security invariants. This enables secure and convenient auto-completion of host attribute configurations. We demonstrate our results in a civil aviation scenario. All results are machine-verified with the Isabelle/HOL theorem prover.

Similar sources

Client-side access control enforcement using trusted computing and PEI models

It has been recognized for some time that software alone does not provide an adequate foundation for building a high-assurance trusted platform. The emergence of industry-standard trusted computing technologies promises a revolution in this respect by providing roots of trust upon which secure applications can be developed. These technologies offer a particularly attractive platform for securit...

A Dependent Type Theory for Verification of Information Flow and Access Control Policies

We present Relational Hoare Type Theory (RHTT), a novel language and verification system capable of expressing and verifying rich information flow and access control policies via dependent types. We show that a number of security policies which have been formalized separately in the literature can all be expressed in RHTT using only standard type-theoretic constructions such as monads, higher-o...

Modeling and Verifying Security Policies in Business Processes

Modern information systems are large-sized and comprise multiple heterogeneous and autonomous components. Autonomy enables decentralization, but it also implies that component providers are free to change, retire, or introduce new components. This is a threat to security, and calls for a continuous verification process to ensure compliance with security policies. Existing verification framewor...

A Formal Approach to Modelling Delegation Policy Based On Subject Attributes And Role Hierarchy

There are a considerable number of approaches to policy specification, both for security and for policy-driven network management. This specification sorts security policies into two basic types: authorization and obligation policies. Most of the research in security policy specification over the years has focused on authorization policy modelling. In this paper, we report our approach in developing an i...

Provably Secure Execution of Composed Semantic Web Services

In this paper, we present an approach to solve the problem of secure execution of semantic web service composition plans. The integrated components of this approach include our OWL-S service matchmaker, OWLS-MX, the service composition planner, OWLS-XPlan, and the security checker module for formally verifying the compliance of the created composition plan to be executed with given data and ser...

Publication date: 2014