273,749 Hits in 6.3 sec

Formal Specification and Validation of Security Policies [chapter]

Tony Bourdier, Horatiu Cirstea, Mathieu Jaume, Hélène Kirchner
2012 Lecture Notes in Computer Science  
We propose a formal framework for the specification and validation of security policies.  ...  This framework also provides a common formalism to define, compare and compose security systems and policies.  ...  Such specifications of security systems and policies have a well-understood operational semantics based on transition and rewriting systems and are thus executable.  ... 
doi:10.1007/978-3-642-27901-0_12 fatcat:a3kqgnki5fa7nht3clkpty2kpa

Secure Descartes: A Security Extension to Descartes Specification Language

Venkata N Inukollu, Joseph E Urban
2020 International Journal of Software Engineering & Applications  
In this research effort, a generic secure policy prototype and components of the generic secure policy were defined using formal methods.  ...  Concepts of secure policies were adopted from the SPromela, Ponder, and REI methodologies for secure policy specification, analysis, and design.  ...  Hence, there is a need for a formal secure specification language that represents, analyzes, and validates the secure policies effectively.  ... 
doi:10.5121/ijsea.2020.11501 fatcat:fietmzwlm5cyrjxvphqlmgelom

Enabling verification and conformance testing for access control model

Hongxin Hu, GailJoon Ahn
2008 Proceedings of the 13th ACM symposium on Access control models and technologies - SACMAT '08  
Our methodology attempts to verify formal specifications of a role-based access control model and corresponding policies with selected security properties.  ...  Also, we systematically articulate testing cases from formal specifications and validate conformance to the system design and implementation using those cases.  ...  ACKNOWLEDGMENTS This work was partially supported by the grants from National Science Foundation (NSF-IIS-0242393 and NSF-DUE-0416042), Department of Energy Early Career Principal Investigator Award (DE-FG02  ... 
doi:10.1145/1377836.1377867 dblp:conf/sacmat/HuA08 fatcat:kf5noufm2fgxdnw4awxlrd2nmq

Language-Specific vs. Language-Independent Approaches: Embedding Semantics on a Metamodel for Testing and Verifying Access Control Policies

Yves Le Traon, Tejedinne Mouelhi, Franck Fleurey, Benoit Baudry
2010 2010 Third International Conference on Software Testing, Verification, and Validation Workshops  
We qualify the test cases that validate the security policy in the application with a fault injection technique, mutation applied to access control policies.  ...  The goal of the original work was to present a full MDE process to check the consistency of a security policy and generate qualification criteria for the test cases testing the security mechanisms in the  ...  METAMODELLING FOR SECURITY VALIDATION AND VERIFICATION We recall the generic verification and validation techniques we propose in [2] that are independent of any particular security formalism.  ... 
doi:10.1109/icstw.2010.67 dblp:conf/icst/TraonMFB10 fatcat:llbgqyfdcvgfta7bqfvgwu6zdi

Constructing Authorization Systems Using Assurance Management Framework

Hongxin Hu, Gail-Joon Ahn
2010 IEEE Transactions on Systems Man and Cybernetics Part C (Applications and Reviews)  
AMF facilitates comprehensive realization of formal security model, security policy specification and verification, generation of security enforcement codes, and rigorous conformance testing.  ...  However, security concerns are rarely considered and practiced due to the lack of appropriate systematic mechanisms and tools.  ...  The correctness of the design and implementation is based on the premise that the formal security model and policy are valid.  ... 
doi:10.1109/tsmcc.2010.2047856 fatcat:is4bc7uldjbnnmqvsqwnmhwjoy

A Model-Based Framework for Security Policy Specification, Deployment and Testing [chapter]

Tejeddine Mouelhi, Franck Fleurey, Benoit Baudry, Yves Le Traon
2008 Lecture Notes in Computer Science  
To qualify test cases that validate the security policy in the application, we inject faults into the policy.  ...  First, a security policy is specified independently of the underlying access control language (OrBAC, RBAC).  ...  The proposed MDE process is based on a domain-specific language (DSL) in order to model security formalisms/languages as well as security policies defined according to these formalisms.  ... 
doi:10.1007/978-3-540-87875-9_38 fatcat:hucyuppvrna5vde6xvoitcw5wa

Towards Validating Security Protocol Deployment in the Wild

Luca Compagna, Ulrich Flegel, Volkmar Lotz
2009 2009 33rd Annual IEEE International Computer Software and Applications Conference  
As computing technology becomes increasingly pervasive and interconnected, mobility leads to shorter-lasting relationships between end-points with many different security requirements.  ...  It has been demonstrated that the increasing number of application contexts of these highly flexible security protocols opens vulnerabilities emerging from the difficulty of assessing the impact of the  ...  State-of-the-art formal languages for policy specification might be helpful here.  ... 
doi:10.1109/compsac.2009.172 dblp:conf/compsac/CompagnaFL09 fatcat:jp64j6n4n5bf7bj35cidasfksq

Towards Formal Validation of Trust and Security in the Internet of Services [chapter]

Roberto Carbone, Marius Minea, Sebastian Alexander Mödersheim, Serena Elisa Ponta, Mathieu Turuani, Luca Viganò
2011 Lecture Notes in Computer Science  
The formal verification of trust and security of the Internet of Services will significantly boost its development and public acceptance.  ...  Service designers and developers, while striving to meet the requirements posed by application scenarios, have a hard time to assess the trust and security impact of an option, a minor change, a combination  ...  in the context of the AVANTSSAR project (, [4] ) for the formal specification and automated validation of trust and security of service-oriented architectures (SOAs).  ... 
doi:10.1007/978-3-642-20898-0_14 fatcat:6lsfwn35sjflhfjoeljdcbvtsa

Formal Model based Specification of Authorization Framework for Ubiquitous Enterprise Computing Environment

Supreet Kaur, Kawaljeet Singh
2014 International Journal of Computer Applications  
There is need for a flexible and scalable authorization model that can meet the different protection requirement of the computing system and adapt to the demand of real world security requirements.  ...  The proposed security model has taken these factors into consideration and adopted a formal approach to design a flexible and scalable model to support intelligent authorization process in ubiquitous computing  ...  The reference security policy defined for access permission should be valid policy defined under reference security policy set.  ... 
doi:10.5120/16083-5220 fatcat:sm6s5lay5nburpzcrxqxnspsme

RBAC for Healthcare-Infrastructure and data storage [article]

Ramesh Narasimman, Izzat Alsmadi
2020 arXiv   pre-print
We used Alloy formal logic modeling tool to model and validate system functions. We modeled system static and dynamic or temporal behaviours.  ...  Role based Access control (RBAC) is the cornerstone of security for any modern organization. In this report, we defined a health-care access control structure based on RBAC.  ...  To ensure this, the policy needs to be validated using formal methods. A validated policy is authentic and foolproof. Formal methods are a trusted and efficient way to validate these policies.  ... 
arXiv:2010.11096v1 fatcat:wwq5jhkmuja2rnxkde6txxihiq

Taking into Account Functional Models in the Validation of IS Security Policies [chapter]

Yves Ledru, Akram Idani, Jérémy Milhau, Nafees Qamar, Régine Laleau, Jean-Luc Richier, Mohamed-Amine Labiadh
2011 Lecture Notes in Business Information Processing  
We suggest to translate both security and functional models into a formal language, such as B, whose analysis and animation tools will help validate a larger set of security scenarios.  ...  of security.  ...  This example shows how to use iastd and use case scenarios in order to validate astd specifications which define history-based constraints on security policies.  ... 
doi:10.1007/978-3-642-22056-2_62 fatcat:4qwivyzbergyjfygv7brirspza

Towards realizing a formal RBAC model in real systems

Gail-Joon Ahn, Hongxin Hu
2007 Proceedings of the 12th ACM symposium on Access control models and technologies - SACMAT '07  
In this paper, we propose an empirical framework to integrate security model representation, security policy specification, and systematic validation of security model and policy, which would be eventually  ...  We also describe how our framework can minimize the gap between security models and the development of secure systems.  ...  -03ER25565) and Department of Defense (H98230-04-1-0210).  ... 
doi:10.1145/1266840.1266875 dblp:conf/sacmat/AhnH07 fatcat:vvrg3q4w6bdjhayuc6p5znlgtu

The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures [chapter]

Alessandro Armando, Wihem Arsac, Tigran Avanesov, Michele Barletta, Alberto Calvi, Alessandro Cappai, Roberto Carbone, Yannick Chevalier, Luca Compagna, Jorge Cuéllar, Gabriel Erzse, Simone Frau (+10 others)
2012 Lecture Notes in Computer Science  
The AVANTSSAR Platform is an integrated toolset for the formal specification and automated validation of trust and security of service-oriented architectures and other applications in the Internet of Services  ...  The platform supports application-level specification languages (such as BPMN and our custom languages) and features three validation backends (CL-AtSe, OFMC, and SATMC), which provide a range of complementary  ...  In this paper, we present the AVANTSSAR Platform, an integrated toolset for the formal specification and automated validation of trust and security of SOAs and, in general, of applications in the IoS.  ... 
doi:10.1007/978-3-642-28756-5_19 fatcat:n7ktur2bdbaireqbiu42k4bqzq

Advanced Analysis of the Integrity of Access Control Policies: the Specific Case of Databases

Faouzi Jaidi, Faten Ayachi, Adel Bouhoula
2020 ˜The œinternational Arab journal of information technology  
We define a formal framework for detecting non-compliance anomalies in concrete Role Based Access Control (RBAC) policies. We rely on an example to illustrate the relevance of our contribution  ...  We propose a rigorous and complete solution to help security architects verifying the correspondence between the security planning and its concrete implementation.  ...  Phase 5 consists to formally verify and validate the conformity of the concrete policy regarding its specification.  ... 
doi:10.34028/iajit/17/5/14 fatcat:2qlphbtpebfrpmfcd5lkq5esla

Executable Security Policies: Specification and Validation of Security Policies

Ryma Abassi, Sihem Guemara El Fatmi
2009 Zenodo  
introduced language and (4) we define a 3-steps validation process of the executable security policy.  ...  Hence, we propose in this paper a specification and validation framework for security policies, inspired from software engineering tools, where: (1) we introduce the concept of executable specifications  ...  So, because an executable specification can be considered as an extension of formal specification, we have found it useful to propose Executable Securities Policies as an extension of Security Policies  ... 
doi:10.5281/zenodo.2558157 fatcat:b4ujsnqwcfbotpeqkwezn4ie44
« Previous Showing results 1 — 15 out of 273,749 results