论文信息 - Heuristics for Safety and Security Constraints

Heuristics for Safety and Security Constraints

The flow logic approach to static analysis amounts to specifying the admissibility of solutions to analysis problems; when specified using formulae in stratified alternation-free least fixed point logic one may use efficient algorithms for computing the least admissible solutions. We extend this scenario to validate the fulfilment of safety and security constraints on admissible solutions; the modified development produces a least solution together with a boolean value indicating whether or not the constraints are validated or violated. The main contribution is the development of a deterministic heuristics for obtaining a solution that is close to the least solution while enforcing the safety or security constraints. We illustrate it on the Bell-LaPadula mandatory access control policy where the heuristics is used to suggest modifications to the security annotations of entities in order for the security policy to hold.

Flemming Nielson | Hanne Riis Nielson

[1] Flemming Nielson,et al. Flow Logic: A Multi-paradigmatic Approach to Static Analysis , 2002, The Essence of Computation.

[2] David Harel,et al. Computable Queries for Relational Data Bases , 1980, J. Comput. Syst. Sci..

[3] Agostino Cortesi,et al. Boundary Inference for Enforcing Security Policies in Mobile Ambients , 2002, IFIP TCS.

[4] Zohar Manna,et al. The optimal approach to recursive programs , 1977, Commun. ACM.

[5] Flemming Nielson,et al. Automatic validation of protocol narration , 2003, 16th IEEE Computer Security Foundations Workshop, 2003. Proceedings..

[6] Jack Minker. Foundations of deductive databases and logic programming , 1988 .

[7] Robin Milner,et al. A Theory of Type Polymorphism in Programming , 1978, J. Comput. Syst. Sci..

[8] Dieter Gollmann,et al. Computer Security , 1979, Lecture Notes in Computer Science.

[9] Alan Bundy,et al. Constructing Induction Rules for Deductive Synthesis Proofs , 2006, CLASE.

[10] D. Elliott Bell,et al. Secure Computer System: Unified Exposition and Multics Interpretation , 1976 .

[11] Patrick Cousot,et al. Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[12] Flemming Nielson,et al. A Succinct Solver for ALFP , 2002, Nord. J. Comput..

[13] Flemming Nielson,et al. Principles of Program Analysis , 1999, Springer Berlin Heidelberg.