Skip to main content
SpringerLink
Log in

Security Rules versus Security Properties

  • Conference paper
Information Systems Security (ICISS 2010)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6503))

Included in the following conference series:

Abstract

There exist many approaches to specify and to define security policies. We present here a framework in which the basic components of security policies can be expressed, and we identify their role in the description of a policy, of a system and of a secure system. In this setting, we formally describe two approaches to define policies, and we relate them: the rule-based approach consists of specifying the conditions under which an action is granted and, the property-based approach consists of specifying the security properties the policy aims to enforce. We also show how a policy can be applied to constrain an existing system, and how a secure system can be defined from a security policy.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bertino, E., Catania, B., Ferrari, E., Perlasca, P.: A logical framework for reasoning about access control models. In: SACMAT, pp. 41–52 (2001)

    Google Scholar 

  2. Bonatti, P., De Capitani di Vimercati, S., Samarati, P.: A modular approach to composing access control policies. In: ACM Conf. on Computer and Communications Security, pp. 163–173 (2000)

    Google Scholar 

  3. Bonatti, P., De Capitani di Vimercati, S., Samarati, P.: An algebra for composing access control policies. ACM Trans. on Inf. and Syst. Security 5(1), 1–35 (2002)

    Article  Google Scholar 

  4. Bourdier, T., Cirstea, H., Jaume, M., Kirchner, H.: Rule-based Specification and Analysis of Security Policies. In: 5th International Workshop on Security and Rewriting Techniques, SECRET 2010 (2010)

    Google Scholar 

  5. Bruns, G., Huth, M.: Access-control policies via Belnap logic: Effective and efficient composition and analysis. In: Proc. of the 21st IEEE Computer Security Foundations Symposium, CSF 2008, pp. 163–176. IEEE Computer Society, Los Alamitos (2008)

    Chapter  Google Scholar 

  6. Bryce, C.: Security engineering of lattice-based policies. In: Proc. of The 10th Computer Security Foundations Workshop. IEEE Computer Society Press, Los Alamitos (1997)

    Google Scholar 

  7. Chander, A., Mitchell, J.C., Dean, D.: A state-transition model of trust management and access control. In: Proceedings of the 14th IEEE Computer Security Foundation Workshop CSFW, pp. 27–43. IEEE Comp. Society Press, Los Alamitos (2001)

    Google Scholar 

  8. Dougherty, D.J., Fisler, K., Krishnamurthi, S.: Specifying and reasoning about dynamic access-control policies. In: Furbach, U., Shankar, N. (eds.) IJCAR 2006. LNCS (LNAI), vol. 4130, pp. 632–646. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  9. Dougherty, D.J., Kirchner, C., Kirchner, H., Santana de Oliveira, A.: Modular access control via strategic rewriting. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 578–593. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  10. Gürgens, S., Ochsenschläger, P., Rudolph, C.: Abstractions preserving parameter confidentiality. In: di Vimercati, S.d.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 418–437. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  11. Gürgens, S., Ochsenschläger, P., Rudolph, C.: On a formal framework for security properties. Computer Standards & Interfaces 27(5), 457–466 (2005)

    Article  Google Scholar 

  12. Habib, L., Jaume, M., Morisset, C.: Formal definition and comparison of access control models. J. of Information Assurance and Security 4(4), 372–381 (2009)

    Google Scholar 

  13. Halpern, J.Y., Weissman, V.: Using first-order logic to reason about policies. ACM Trans. Inf. Syst. Secur. 11(4) (2008)

    Google Scholar 

  14. Harrison, M., Ruzzo, W., Ullman, J.: Protection in operating systems. Communications of the ACM 19, 461–471 (1976)

    Article  MathSciNet  MATH  Google Scholar 

  15. Jajodia, S., Samarati, P., Subrahmanian, V.S., Bertino, E.: A unified framework for enforcing multiple access control policies. SIGMOD Record (ACM Special Interest Group on Management of Data) 26(2), 474–485 (1997)

    Google Scholar 

  16. LaPadula, L.J., Bell, D.E.: Secure Computer Systems: A Mathematical Model. Journal of Computer Security 4, 239–263 (1996)

    Article  Google Scholar 

  17. Ligatti, J., Bauer, L., Walker, D.: Run-time enforcement of nonsafety policies. ACM Trans. Inf. Syst. Secur. 12(3) (2009)

    Google Scholar 

  18. Tripunitara, M.V., Li, N.: Comparing the expressive power of access control models. In: 11th ACM Conf. on Computer and Communications Security (2004)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. SPI – LIP6 – University Pierre & Marie Curie, 4 Place Jussieu, 75252, Paris Cedex 05, France

    Mathieu Jaume

Authors
  1. Mathieu Jaume
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Computer Sciences Department, University of Wisconsin, 53706, Madison, WI, USA

    Somesh Jha

  2. Dhirubhai Ambani Institute of Information and Communication Technology, Gandhinagar, 382007, Gujarat, India

    Anish Mathuria

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jaume, M. (2010). Security Rules versus Security Properties. In: Jha, S., Mathuria, A. (eds) Information Systems Security. ICISS 2010. Lecture Notes in Computer Science, vol 6503. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17714-9_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-17714-9_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17713-2

  • Online ISBN: 978-3-642-17714-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation