Electronic Proceedings in Theoretical Computer Science (Aug 2015)

On Properties of Policy-Based Specifications

  • Andrea Margheri,
  • Rosario Pugliese,
  • Francesco Tiezzi

DOI
https://doi.org/10.4204/EPTCS.188.5
Journal volume & issue
Vol. 188 (Proc. WWV 2015), pp. 33–50

Abstract

The advent of large-scale, complex computing systems has dramatically increased the difficulty of securing access to systems' resources. To ensure confidentiality and integrity, the use of access control mechanisms has thus become a crucial issue in the design of modern computing systems. Among the different access control approaches proposed in recent decades, the policy-based one makes it possible to capture, by resorting to the concept of attribute, all of a system's security-relevant information while, at the same time, remaining sufficiently flexible and expressive to represent the other approaches. In this paper, we move a step further towards understanding the effectiveness of policy-based specifications by studying how they allow traditional security properties to be enforced. To support system designers in developing and maintaining policy-based specifications, we also formalise some relevant properties regarding the structure of policies. By means of a case study from the banking domain, we present real instances of such properties and outline an approach towards their automated verification.