Analysis and Run-Time Verification of Dynamic Security Policies
نویسندگان
چکیده
Ensuring the confidentiality, integrity and availability of information is the key issue in the battle for information superiority and thus is a decisive factor in modern warfare. Security policies and security mechanisms govern the access to information and other resources. Their correct specification, i.e. denial of potentially dangerous access and adherence to all established need-to-know requirements, is critical. In this paper we present a security model that allows to express dynamic access control policies that can change on time or events. A simple agent system, simulating a platoon, is used to show the need and the advantages of our policy model. The paper finally presents how existing tool-support can be used for the analysis and verification of policies.
منابع مشابه
DyVSoR: dynamic malware detection based on extracting patterns from value sets of registers
To control the exponential growth of malware files, security analysts pursue dynamic approaches that automatically identify and analyze malicious software samples. Obfuscation and polymorphism employed by malwares make it difficult for signature-based systems to detect sophisticated malware files. The dynamic analysis or run-time behavior provides a better technique to identify the threat. In t...
متن کاملA model for specification, composition and verification of access control policies and its application to web services
Despite significant advances in the access control domain, requirements of new computational environments like web services still raise new challenges. Lack of appropriate method for specification of access control policies (ACPs), composition, verification and analysis of them have all made the access control in the composition of web services a complicated problem. In this paper, a new indepe...
متن کاملVery Static Enforcement of Dynamic Policies
Security policies are naturally dynamic. Reflecting this, there has been a growing interest in studying information-flow properties which change during program execution, including concepts such as declassification, revocation, and role-change. A static verification of a dynamic information flow policy, from a semantic perspective, should only need to concern itself with two things: 1) the depe...
متن کاملMonetary Policies, Exchange Rate Pass-through and Prices in Asian Economies: A Long and Short-run Analysis
Abstract T he financial crisis in 2007-2008 has turned into the most far-reaching international financial and economic crisis since the Great Depression. Indeed, the crisis-affected Asian countries experienced varying degrees of changes in the exchange rate and prices following an initial shock of sharp depreciation of their currencies in the second half of 1997. Moreover,...
متن کاملLanguage-based Security: Access Control and Static Analysis
We study security of mobile code at a linguistic level. In particular, we tackle the problem of designing expressive and efficient models for access control, as well as improving the performance of existing mechanisms. Static analysis is the main technical tool we use in order to enforce and optimise the security of programs. We begin our study with stack inspection, the access control model ad...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2005