Cited By
View all- Ma JOrgun MSattar A(2009)Theories of Trust for Communication ProtocolsProceedings of the 6th International Conference on Autonomic and Trusted Computing10.1007/978-3-642-02704-8_18(236-248)Online publication date: 30-Jun-2009
Combining logics for modelling security policies
Pages 323 - 332
Abstract
This paper considers a logical framework for modelling security policies for information systems. Epistemic, deontic and temporal logics can respectively be used to express what an agent knows or believes, what an agent is permitted or forbidden to know or do, and the dynamic progress of a system over time. In modelling a security policy for a practical system, one may need to combine these logical notions to express statements of the policy, so a combination of logics is considered. We investigate the issues regarding techniques for combining logics, approaches to formalizing security policies based on a combined logic, and strategies applied for reasoning about the security properties required to be satisfied by a policy. Several possible future research directions under this logical framework are discussed.
References
[1]
Blackburn, P. & de Rijke, M. (1997), Why combine logics. Studia Logica, 59(1):5--27.
[2]
Cholvy, L. & Cuppens, F. (1997), Analyzing consistency of security policies. In IEEE Symposium on Security and Privacy (S&P97), Oakland, CA, IEEE Press.
[3]
Cuppens, F. & Demolombe, R. (1997), A modal logical framework for security policies. In 10th International Symposium ISMIS'97, LNAI 1325, Springer.
[4]
Cuppens, F. & Saurel, C. (1996), Specifying a security policy: A case study. In 9th Computer Security Foundation Workshop, County Kerry, Ireland. IEEE Computer Society Press.
[5]
Dulany, K. M. (2002), Security, It's Not Just Technical. http://www.sans.org/rr/papers/50/499.pdf
[6]
Fagin, R., Halpern, J. Y., Moses, Y. & Vardi, M. Y. editors. (1995), Reasoning about Knowledge. MIT Press, Combridge (Mass.).
[7]
Finger, M. & Gabbay, D. M. (1992), Adding a temporal dimension to a logic system. Journal of Logic, Language and Information, 1:221--237.
[8]
Gabbay, D. M. & Shehtman, V. (1998), Products of modal logics, part 1. Logic Journal of the IGPL, 6(1):71--146.
[9]
Gabbay, D. M. (1999), Fibring Logics. Oxford University Press, Oxford.
[10]
Galton, A. editor (1987), Temporal Logics and Their Applications. Academic Press.
[11]
Glasgow, J. & Macewen, G. et al.(1992), A logic for reasoning about security. ACM Transactions on Computer Systems (TOCS), 10(3):226--264.
[12]
Kracht, M. & Wolter, F. (1991), Properties of independently axiomatizable bimodal logics. The Journal of Symbolic Logic, 56(4):1469--1485.
[13]
Kripke, S. (1963), Semantical Considerations of Modal Logic. Acta Philosophica Fennica, 16:83--94.
[14]
Liu, C. & Orgun, M. A. (1996), Dealing with multiple granularity of time in temporal logic programming. Journal of Symbolic Computation, 22:699--720.
[15]
Meyer, John-Jules Ch. & van der Hoek, Wiebe editors (1995), Epistemic Logic for AI and Computer Science. Combridge University Press, Combridge.
[16]
Meyer, John-Jules Ch. & Wieringa, R. J. editors (1993), Deontic Logic in Computer Science. John Wiley, Chichester.
[17]
Ortalo, R. (1998), A flexible method for information system security policy specification. The 5th European Symposium on Research in Computer Security (ESORICS 98), Louvain-la-Neuve, Belgium, Springer-Verlag.
[18]
Peri, R. V. (1996), Specification and Verification of Security Policies. PhD thesis, University of Virginia.
Index Terms
- Combining logics for modelling security policies
Recommendations
Formal enforcement and management of obligation policies
Obligations are generally actions that users are required to take and are essential for the expression of a large number of requirements. For instance, obligation actions may represent prerequisites to gain some privilege (pre obligations), to satisfy ...
Access-Control Policies via Belnap Logic: Effective and Efficient Composition and Analysis
CSF '08: Proceedings of the 2008 21st IEEE Computer Security Foundations SymposiumIt is difficult to develop and manage large, multi-author access control policies without a means to compose larger policies from smaller ones. Ideally, an access-control policy language will have a small set of simple policy combinators that allow for ...
Security policy compliance with violation management
FMSE '07: Proceedings of the 2007 ACM workshop on Formal methods in security engineeringA security policy of an information system is a set of security requirements that correspond to permissions, prohibitions and obligations to execute some actions when some contextual conditions are satisfied. Traditional approaches consider that the ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
Publisher
Australian Computer Society, Inc.
Australia
Publication History
Published: 01 January 2005
Author Tags
Qualifiers
- Article
Conference
ACSC '05
Acceptance Rates
Overall Acceptance Rate 136 of 379 submissions, 36%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 218Total Downloads
- Downloads (Last 12 months)20
- Downloads (Last 6 weeks)6
Reflects downloads up to 18 Nov 2024
Other Metrics
Citations
Cited By
View all- Ma JOrgun MSattar A(2009)Theories of Trust for Communication ProtocolsProceedings of the 6th International Conference on Autonomic and Trusted Computing10.1007/978-3-642-02704-8_18(236-248)Online publication date: 30-Jun-2009
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in