Advice from Belnap Policies

Coordination languages for mobile, distributed systems constitute a good basis for using aspect-oriented features to provide a clear separation between the functionality and the security policies of programs. Allowing for a distributed definition of aspects that jointly define a security policy raises a number of challenges regarding how to deal with conflicts and how to demonstrate that an overall security policy is met. We adapt recent work on policy composition using Belnap Logic to provide a uniform treatment of conflicts. We further define a modal logic to allow reasoning about the overall security policy. Throughout, we illustrate the developments by examples drawn from health service policies.
