We introduce a formal specification language locks, that allow security practitioners to express as well as compose security goals in a convenient manner. locks supports the specification of the most common security properties over generic attributes, both for qualitative and quantitative goals. To make our language independent of a specific security framework, we evaluate locks over a generic attack model, namely the structural attack model (sam), which over-arches the most prominent graphical

more »

... threat models. Furthermore, we equip our language with a concise grammar, type rules and denotational semantics, thus laying the foundations of an automated tool. We take a number of informal security goals from the literature and show how they can be formally expressed in our language. CCS CONCEPTS • Security and privacy → Security requirements; Formal security models; KEYWORDS Enterprise security, Quantitative security goals, Property specification language, Multi-objective query language, Threat models, Denotational semantics ACM Reference format: Rajesh Kumar, Arend Rensink, and Mariëlle Stoelinga. 2018. LOCKS: a property specification language for security goals. In