论文信息 - A Flexible Method for Information System Security Policy Specification

A Flexible Method for Information System Security Policy Specification

This paper presents a method for the specification of the security of information systems. The proposed approach provides a flexible and expressive specification method, corresponding to the specific needs of organizations. First, we outline the overall guidelines of the security policy definition process, and the different consistency issues associated to the description of the security requirements of an organization information system. The specification language used is based on a convenient extension of deontic logic. The formalism and its extensions are defined briefly. To illustrate the use of this formalism, the paper presents how the method applies to the description of the security requirements of a real organization: a medium-size bank agency.

Rodolphe Ortalo | Rodolphe Ortalo

[1] Rodolphe Ortalo,et al. Using Role-based Abstractions for Security Policy Specification with Deontic Logic , 1997 .

[2] Rob Miller,et al. The Amulet Environment: New Models for Effective User Interface Software Development , 1997, IEEE Trans. Software Eng..

[3] Luis Fariñas del Cerro,et al. Modal deduction with applications in epistemic and temporal logics , 1995 .

[4] Gabriel M. Kuper,et al. Logic programming with sets , 1987, PODS '87.

[5] Brian F. Chellas. Modal Logic: Normal systems of modal logic , 1980 .

[6] Frédéric Cuppens,et al. Specifying a security policy: a case study , 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.

[7] Marek Sergot,et al. Formal Specification of Security Requirements using the Theory of Normative Positions , 1992, ESORICS.

[8] Glenn H. MacEwen,et al. A logic for reasoning about security , 1990, [1990] Proceedings. The Computer Security Foundations Workshop III.

[9] Rodolphe Ortalo,et al. Quantitative evaluation of information system security , 1998 .

[10] Frédéric Cuppens,et al. Analyzing consistency of security policies , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[11] Melvin Fitting,et al. Basic modal logic , 1993 .

[12] D. Elliott Bell,et al. Secure Computer System: Unified Exposition and Multics Interpretation , 1976 .

[13] Ravi S. Sandhu,et al. Role-Based Access Control Models , 1996, Computer.