Info: Zenodo’s user support line is staffed on regular business days between Dec 23 and Jan 5. Response times may be slightly longer than normal.

Published August 27, 2009 | Version v1
Journal article Open

Executable Security Policies: Specification and Validation of Security Policies

  • 1. Sup'Com, Tunisia

Description

Security Policies constitute the core of network protection infrastructures. However, their development is a sensitive task because it can be in opposition with the security requirements (e.g. lack of rule or conflicting rules). A specification task seems to be indispensible in order to clarify the desired exigencies. A validation process for security policies becomes then necessary before their deployment to avoid resources network damages. Nowadays, there is no automated tool in the network security world allowing such task. Moreover, we have found that the theory developed for this aim in the software engineering domain can be adapted for security policies because several similarities exist between the expressions of the needs in the two domains as mentioned in several studies. Hence, we propose in this paper a specification and validation framework for security policies, inspired from software engineering tools, where: (1) we introduce the concept of executable specifications to build the concept of Executable Security Policies (2) we propose a new specification language based on an adapted modeling and inspired from Promela (3) we build a validation model based on the newly introduced language and (4) we define a 3-steps validation process of the executable security policy. The validation process is based on the main security properties, i.e. consistency, completeness and preservation of safety and liveness. Moreover, the consistency related to multiple security policies is treated through a detection algorithm and a resolution method.

Files

0809smn01.pdf

Files (409.9 kB)

Name Size Download all
md5:a086ed3aa1301673e06282e6d4ea21ae
409.9 kB Preview Download