Formal Specification and Validation of Security Policies

Tony Bourdier 1 Horatiu Cirstea 1 Mathieu Jaume 2 Hélène Kirchner 1, 3
1 PAREO - Formal islands: foundations and applications
INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
2 SPI - Sémantiques, preuves et implantation
LIP6 - Laboratoire d'Informatique de Paris 6
Abstract : We propose a formal framework for the specification and validation of security policies. To model a secured system, the evolution of security information in the system is described by transitions triggered by authorization requests and the policy is given by a set of rules describing the way the corresponding decisions are taken. Policy rules are constrained rewrite rules whose constraints are first-order formulas on finite domains, which provides enhanced expressive power compared to classical security policy specification approaches like the ones using Datalog, for example. Our specifications have an operational semantics based on transition and rewriting systems and are thus executable. This framework also provides a common formalism to define, compare and compose security systems and policies. We define transformations over secured systems in order to perform validation of classical security properties.
Complete list of metadatas

Cited literature [24 references]  Display  Hide  Download
Contributor : Tony Bourdier <>
Submitted on : Tuesday, February 22, 2011 - 9:01:02 AM
Last modification on : Thursday, March 21, 2019 - 2:30:17 PM
Long-term archiving on: Tuesday, November 6, 2012 - 2:40:23 PM


Files produced by the author(s)



Tony Bourdier, Horatiu Cirstea, Mathieu Jaume, Hélène Kirchner. Formal Specification and Validation of Security Policies. FPS - 4th Canada-France MITACS Workshop on Foundations and Practice of Security - 2011, May 2011, Paris, France. pp.148-163, ⟨10.1007/978-3-642-27901-0_12⟩. ⟨inria-00507300v2⟩



Record views


Files downloads