On Properties of Policy-Based Specifications / Margheri, A.; Pugliese, R.; Tiezzi, F. - In: ELECTRONIC PROCEEDINGS IN THEORETICAL COMPUTER SCIENCE. - ISSN 2075-2180. - Electronic. - 188:(2015), pp. 33-50. [10.4204/EPTCS.188.5]
On Properties of Policy-Based Specifications
PUGLIESE, ROSARIO;Tiezzi, F.
2015
Abstract
The advent of large-scale, complex computing systems has dramatically increased the difficulty of securing access to systems' resources. To ensure confidentiality and integrity, the exploitation of access control mechanisms has thus become a crucial issue in the design of modern computing systems. Among the different access control approaches proposed in the last decades, the policy-based one makes it possible to capture, by resorting to the concept of attribute, all of a system's security-relevant information while being, at the same time, sufficiently flexible and expressive to represent the other approaches. In this paper, we move a step further to understand the effectiveness of policy-based specifications by studying how they make it possible to enforce traditional security properties. To support system designers in developing and maintaining policy-based specifications, we also formalise some relevant properties regarding the structure of policies. By means of a case study from the banking domain, we present real instances of such properties and outline an approach towards their automated verification.

Proceedings of the 9th International Workshop on Automated Specification and Verification of Web Systems (WWV'13), Electronic Proceedings in Theoretical Computer Science, 123:3-18, 2013.

| File | Size | Format | |
|---|---|---|---|
| EPTCS 188, 2015, pp. 33–50.pdf (Closed access. Type: Publisher's PDF (Version of record). License: All rights reserved) | 169.76 kB | Adobe PDF | Request a copy |
Documents in FLORE are protected by copyright and all rights are reserved, unless otherwise indicated.



