论文信息 - Toward a Formal Characterization of Policy Specification & Analysis

Toward a Formal Characterization of Policy Specification & Analysis

Policy-based management of the security of a military communications network can simplify the configuration process, while increasing security and availability. An effective policy-based approach requires analysis of policies for inconsistencies, and for desired security properties. It also must provide for the refinement of high-level security goals into concrete policies. This paper defines a language based on first-order logic formulae containing explicit time arguments which is expressive enough for specifying a range of authorization and obligation security policies, while supporting the formalisms and automated tools needed for analysis and refinement. Both system behavior and the semantics of the policies themselves are defined in terms of execution traces, to enable reasoning about algorithmic solutions to policy analysis. The paper also proposes some analysis tools based on the use of logical abduction.

[1] Joseph Y. Halpern,et al. Using First-Order Logic to Reason about Policies , 2008, TSEC.

[2] David Toman,et al. First-Order Queries over Temporal Databases Inexpressible in Temporal Logic , 1996, EDBT.

[3] Ting Yu,et al. On the modeling and analysis of obligations , 2006, CCS '06.

[4] Bert Van Nuffelen. Abductive constraint logic programming: implementation and applications. , 2004 .

[5] Bashar Nuseibeh,et al. An Abductive Approach for Analysing Event-Based Requirements Specifications , 2002, ICLP.

[6] Elisa Bertino,et al. A unified framework for enforcing multiple access control policies , 1997, SIGMOD '97.

[7] D. Roberts,et al. Holistan: A Futuristic Scenario for International Coalition Operations , 2007, 2007 International Conference on Integration of Knowledge Intensive Multi-Agent Systems.

[8] Sushil Jajodia,et al. A logical language for expressing authorizations , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[9] Arosha K. Bandara. A formal approach to analysis and refinement of policies , 2005 .

[10] Paolo Mancarella,et al. Generalized Stable Models: A Semantics for Abduction , 1990, ECAI.

[11] Naranker Dulay,et al. Authorisation and Conflict Resolution for Hierarchical Domains , 2007, Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07).