Should We Prove Security Policies Correct?

Authors

  • Sebastiano Battiato
  • Giampaolo Bella
  • Salvatore Riccobene
Abstract

Security policies are abstract descriptions of how a system should behave to be secure. They typically express what is obligatory, permitted, or forbidden in the system. When the system is implemented, its formal verification consists in checking whether it conforms to the norms that its policy stated. Hence, security policies significantly influence the final assessment of real systems. Experience shows that important policies suffering inconsistencies have reached the final stage of implementation in a real system. Here comes the need for formal analysis at the abstract level of policies. It is advocated that known inductive techniques and a general-purpose proof assistant can be used profitably for the proof of correctness of security policies.

Similar resources

A Precise Way to Propagate JML Annotations for Security Automata

As security is an important concern in many areas, often security policies are defined that applications in these areas should obey. These policies can be conveniently formalized as security automata, which can be used to monitor applications at run time. However, this kind of validation is not always feasible or desirable, as it only reveals violations when they are already about to occur. Sta...

On the design and security of a lattice-based threshold secret sharing scheme

In this paper, we introduce a method of threshold secret sharing scheme (TSSS) in which secret reconstruction is based on Babai's nearest plane algorithm. In order to supply secure public channels for transmitting shares to parties, we need to ensure that there are no quantum threats to these channels. A solution to this problem can be utilization of lattice-based cryptosystems for these channe...

Automatic Generation of IPSec/VPN Security Policies In an Intra-Domain Environment

IPSec [1] policies are widely deployed in firewalls or security gateways to protect information property. The security treatment (e.g. deny, allow or encrypt etc.) of all inbound or outbound traffic will be determined by the security policies, and thus it is critical for policies to be specified and configured correctly. IPSec policies are manually configured to individual security gateway in c...

An Authoring Framework for Security Policies: A Use-Case within the Healthcare Domain

Traditionally, the definition and the maintenance of security and access control policies has been the exclusive task of system administrators or security officers. In modern distributed and heterogeneous systems, there exists the need to allow different stakeholders to create and edit their security and access control preferences. In order to solve this problem two main challenges need to be me...

Privacy-Preserving Credential Verification for Non-monotonic Trust Management Systems

Trust management systems provide a flexible way for performing decentralized security management. However, most trust management systems only support monotonic policies. Compared with nonmonotonic policies, monotonic ones are less flexible and cannot express policies such as “Chinese wall policies” and “separation of duties”. To support non-monotonic policies, trust management systems must be a...


Publication date: 2004