Should We Prove Security Policies Correct?

Security policies are abstract descriptions of how a system should behave in order to be secure. They typically express what is obligatory, permitted, or forbidden in the system. Once the system is implemented, its formal verification consists of checking that it conforms to the norms its policy states. Security policies therefore weigh heavily on the final assessment of real systems. Experience shows that important policies containing inconsistencies have reached the final stage of implementation in real systems, which is why formal analysis is needed at the abstract level of the policies themselves. It is advocated that known inductive techniques and a general-purpose proof assistant can profitably be used to prove security policies correct.
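The kind of inconsistency the abstract refers to can be made concrete on a small scale. The following is an added example, not code from the paper or its Isabelle development: a constructed policy of obligatory, permitted and forbidden norms over three hypothetical document-handling actions (classify, flag_incident, send_external), checked for the classic deontic conflict (an action both obligatory and forbidden in the same state) by an inductive closure over the reachable states of an abstract model. The domain, the rule texts and the repair are all assumptions chosen for illustration.

```python
"""Constructed example: consistency analysis of a small deontic security
policy. A policy is a list of rules assigning a norm (obligatory, permitted,
forbidden) to an action under a guard; the system is an abstract state
machine whose states are sets of facts. Reachable states are computed as an
inductive closure (base case: initial state; step: every action the policy
does not forbid), and every reachable state is searched for an action that
is both obligatory and forbidden. The domain is hypothetical."""
from dataclasses import dataclass
from enum import Enum
from typing import Callable, FrozenSet, List, Set, Tuple

State = FrozenSet[str]  # a state is the set of facts that currently hold


class Norm(Enum):
    OBLIGATORY = "O"
    PERMITTED = "P"
    FORBIDDEN = "F"


@dataclass(frozen=True)
class Rule:
    norm: Norm
    action: str
    guard: Callable[[State], bool]  # the rule applies when guard(state) holds
    text: str                       # the norm as a human would state it


# Abstract model of the system (assumed): each action adds one fact and is
# only available while that fact does not yet hold.
EFFECTS = {
    "classify": "classified",
    "flag_incident": "incident",
    "send_external": "sent_externally",
}


def available(state: State, action: str) -> bool:
    return EFFECTS[action] not in state


def status(policy: List[Rule], state: State, action: str) -> Set[Norm]:
    """Deontic status of an action in a state: norms of all rules whose guard holds."""
    return {r.norm for r in policy if r.action == action and r.guard(state)}


def reachable(policy: List[Rule], initial: State) -> Set[State]:
    """Inductively defined set of reachable states, computed to a fixpoint.
    Design choice (assumed): an explicit prohibition overrides a general
    permission, so a forbidden action is simply never taken."""
    seen, frontier = {initial}, [initial]
    while frontier:
        s = frontier.pop()
        for action, fact in EFFECTS.items():
            if not available(s, action) or Norm.FORBIDDEN in status(policy, s, action):
                continue
            nxt = s | {fact}
            if nxt not in seen:
                seen.add(nxt)
                frontier.append(nxt)
    return seen


def find_conflicts(policy: List[Rule], initial: State = frozenset()) -> List[Tuple[State, str]]:
    """(state, action) pairs in which the action is both obligatory and
    forbidden: the policy cannot be obeyed in that state."""
    conflicts = []
    for s in sorted(reachable(policy, initial), key=lambda x: (len(x), sorted(x))):
        for action in EFFECTS:
            if not available(s, action):
                continue
            norms = status(policy, s, action)
            if Norm.OBLIGATORY in norms and Norm.FORBIDDEN in norms:
                conflicts.append((s, action))
    return conflicts


# Constructed policy: each rule is reasonable on its own, yet a classified
# incident report makes send_external both obligatory and forbidden.
POLICY = [
    Rule(Norm.PERMITTED, "classify", lambda s: True,
         "Any document may be classified."),
    Rule(Norm.PERMITTED, "flag_incident", lambda s: True,
         "Any document may be flagged as an incident report."),
    Rule(Norm.FORBIDDEN, "send_external", lambda s: "classified" in s,
         "Classified documents must not leave the organisation."),
    Rule(Norm.OBLIGATORY, "send_external", lambda s: "incident" in s,
         "Incident reports must be sent to the regulator."),
]

# Repaired policy (assumed fix): the two guards can no longer hold together,
# because neither transition into the conflicting state is allowed.
REPAIRED = POLICY + [
    Rule(Norm.FORBIDDEN, "classify", lambda s: "incident" in s,
         "Incident reports must not be classified."),
    Rule(Norm.FORBIDDEN, "flag_incident", lambda s: "classified" in s,
         "Classified documents must not be flagged as incident reports."),
]

if __name__ == "__main__":
    for name, pol in (("original", POLICY), ("repaired", REPAIRED)):
        print(name, "conflicts:", [(sorted(s), a) for s, a in find_conflicts(pol)])
```

On a finite model like this one the check is an exhaustive search that produces counterexamples; the abstract's point is that for realistic, unbounded policies the same inductive argument (base case plus a step that preserves the property) is what a proof assistant such as Isabelle can carry out as a proof rather than a search.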
