Simulation Verification and Validation by Dynamic Policy Specification and Enforcement

This article presents a new verification and validation technique for simulation based on dynamic policy specification and enforcement. Security requirements, certain functional requirements, and constraints are formally specified as policies, which are then used at runtime to check whether the behavior of the system under simulation stays within the given constraints. A policy violation reveals a potential design error in the system under simulation. The article also presents the policy specification language and the policy development framework used to specify policies, to verify their completeness and consistency, to translate them into executable representations, and to enforce them at runtime. Both the language and the framework are fully integrated into the simulation infrastructure. A running example illustrates the policy specification and enforcement processes, and the article discusses alternative policy enforcement algorithms together with their space and time complexity.
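The workflow the abstract describes, as an added example that is not the paper's policy language or framework: rules over (role, action, resource) are the policies, two static checks report inconsistency (a concrete tuple matched by rules with different effects) and incompleteness (a tuple no rule covers), and a runtime monitor consumes simulation events and records violations. The toy records system, its rules, the deny-overrides combining rule, the ordering constraints and the event trace are all constructed assumptions.

```python
# Added example (not the paper's language or framework): a toy policy
# checker that mirrors the workflow the abstract describes. Policy rules,
# the role/action/resource domain, the deny-overrides combining rule and
# the sample simulation trace are all constructed assumptions.
from dataclasses import dataclass
from itertools import product

ANY = "*"  # wildcard in a policy field


@dataclass(frozen=True)
class Policy:
    name: str
    role: str      # subject role or ANY
    action: str    # action or ANY
    resource: str  # resource class or ANY
    effect: str    # "allow" or "deny"

    def matches(self, role, action, resource):
        """Executable form of the rule: does it apply to this concrete event?"""
        return all(pat in (ANY, val) for pat, val in
                   ((self.role, role), (self.action, action), (self.resource, resource)))


@dataclass(frozen=True)
class OrderingConstraint:
    """Functional constraint: `action` on a resource is only valid after
    `requires` by the same subject, until `releases` resets that state."""
    name: str
    action: str
    requires: str
    releases: str


@dataclass(frozen=True)
class Event:
    step: int
    subject: str
    role: str
    action: str
    resource: str


def check_consistency(policies, domain):
    """Static check: concrete tuples matched by rules with different effects."""
    return [t for t in product(*domain)
            if len({p.effect for p in policies if p.matches(*t)}) > 1]


def check_completeness(policies, domain):
    """Static check: concrete tuples no rule covers (they fall to the default)."""
    return [t for t in product(*domain)
            if not any(p.matches(*t) for p in policies)]


class Enforcer:
    """Runtime monitor fed with simulation events; records policy violations."""

    def __init__(self, policies, ordering, default="deny"):
        self.policies = policies
        self.ordering = ordering
        self.default = default
        self.violations = []   # (step, kind, event)
        self.state = {}        # (subject, resource) -> actions seen since last release

    def decide(self, ev):
        # Deny-overrides combining rule (an assumption): one applicable deny wins.
        effects = {p.effect for p in self.policies
                   if p.matches(ev.role, ev.action, ev.resource)}
        if "deny" in effects:
            return "deny"
        return "allow" if "allow" in effects else self.default

    def observe(self, ev):
        # The simulated system already performed the action; a deny decision
        # therefore flags a potential design error rather than blocking it.
        if self.decide(ev) == "deny":
            self.violations.append((ev.step, "access", ev))
        seen = self.state.setdefault((ev.subject, ev.resource), set())
        for c in self.ordering:
            if ev.action == c.action and c.requires not in seen:
                self.violations.append((ev.step, c.name, ev))
        seen.add(ev.action)
        for c in self.ordering:
            if ev.action == c.releases:
                seen.discard(c.requires)


# Constructed sample policy set for a toy records system.
POLICIES = [
    Policy("doctor-full-record", "doctor", ANY, "record", "allow"),
    Policy("clerk-read-record", "clerk", "read", "record", "allow"),
    Policy("audit-log-immutable", ANY, "write", "audit_log", "deny"),
    Policy("audit-log-readable", ANY, "read", "audit_log", "allow"),
    Policy("doctor-write-anything", "doctor", "write", ANY, "allow"),  # conflicts with audit-log-immutable
    Policy("anyone-open", ANY, "open", ANY, "allow"),
    Policy("anyone-close", ANY, "close", ANY, "allow"),
]
DOMAIN = (("clerk", "doctor"), ("open", "read", "write", "close"), ("record", "audit_log"))
ORDERING = [
    OrderingConstraint("read-after-open", "read", "open", "close"),
    OrderingConstraint("write-after-open", "write", "open", "close"),
]

# Constructed simulation trace of the system under test.
TRACE = [
    Event(1, "alice", "clerk", "open", "record"),
    Event(2, "alice", "clerk", "read", "record"),
    Event(3, "alice", "clerk", "write", "record"),    # no rule covers this: default deny
    Event(4, "bob", "doctor", "read", "record"),      # read without a prior open
    Event(5, "bob", "doctor", "write", "audit_log"),  # conflicting rules, deny overrides
    Event(6, "alice", "clerk", "close", "record"),
]


def run_trace(policies=POLICIES, ordering=ORDERING, trace=TRACE):
    enf = Enforcer(policies, ordering)
    for ev in trace:
        enf.observe(ev)
    return [(step, kind) for step, kind, _ in enf.violations]


if __name__ == "__main__":
    print("conflicts:", check_consistency(POLICIES, DOMAIN))
    print("uncovered:", check_completeness(POLICIES, DOMAIN))
    print("violations:", run_trace())
```

The static checks run before simulation starts and cost one pass over the full domain per policy; `decide()` is linear in the number of policies per event, so indexing rules by action (or compiling them to a decision table) is where an enforcement algorithm trades space for time. Note that the monitor records rather than blocks: in this setting the point of a deny is to expose that the simulated design let the action happen.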