Analysis and Run-Time Verification of Dynamic Security Policies

Ensuring the confidentiality, integrity and availability of information is the key issue in the battle for information superiority and is therefore a decisive factor in modern warfare. Security policies and security mechanisms govern access to information and other resources. Their correct specification, i.e. denial of potentially dangerous access and adherence to all established need-to-know requirements, is critical. In this paper we present a security model that makes it possible to express dynamic access control policies, policies that can change over time or in response to events. A simple agent system, simulating a platoon, is used to show the need for and the advantages of our policy model. The paper finally presents how existing tool support can be used for the analysis and verification of such policies.
