Matching Security Policies to Application Needs [chapter]

Claudia Eckert
1995 IFIP Advances in Information and Communication Technology  
The issue of developing complex secure systems is still a great challenge. We claim that, in contrast to the well-known bottom-up oriented approaches, secure concurrent systems should be developed top-down, starting with a formal top-level specification. A framework for developing secure systems is needed, which offers means to specify security requirements adapted to the specific demands of application areas. In addition, an appropriate security model is needed to formally describe the ... r and the security properties of systems. We will present a uniform framework which is appropriate to match security policies to application needs. Secure concurrent systems are modeled with two different levels of abstraction. The action model provides a sound and fine-grained basis to formalize security properties of the system. In order to ease system modeling we introduce the object security model by systematically coarsening the action model. In addition to our security model we will present a security requirement logic. Security policies tailored to the specific requirements of applications may be specified with the formulas of the logic. The security requirement logic allows different security policies, such as access control and information flow policies, to be specified in a uniform way, and allows these policies to be compared.
doi:10.1007/978-0-387-34873-5_19 fatcat:mtub3lbvtjgivpv3q3mpc5uvha