Computer Science – Cryptography and Security
Scientific paper
1998-09-30
Computer Science
Cryptography and Security
28 pages, 22 figures, in color (but color is not essential for viewing); UC Davis CS department technical report (July 22, 199
Scientific paper
A security policy states the acceptable actions of an information system, as the actions bear on security. There is a pressing need for organizations to declare their security policies, even informal statements would be better than the current practice. But, formal policy statements are preferable to support (1) reasoning about policies, e.g., for consistency and completeness, (2) automated enforcement of the policy, e.g., using wrappers around legacy systems or after the fact with an intrusion detection system, and (3) other formal manipulation of policies, e.g., the composition of policies. We present LaSCO, the Language for Security Constraints on Objects, in which a policy consists of two parts: the domain (assumptions about the system) and the requirement (what is allowed assuming the domain is satisfied). Thus policies defined in LaSCO have the appearance of conditional access control statements. LaSCO policies are specified as expressions in logic and as directed graphs, giving a visual view of policy. LaSCO has a simple semantics in first order logic (which we provide), thus permitting policies we write, even for complex policies, to be very perspicuous. LaSCO has syntax to express many of the situations we have found to be useful on policies or, more interesting, the composition of policies. LaSCO has an object-oriented structure, permitting it to be useful to describe policies on the objects and methods of an application written in an object-oriented language, in addition to the traditional policies on operating system objects. A LaSCO specification can be automatically translated into executable code that checks an invocation of a program with respect to a policy. The implementation of LaSCO is in Java, and generates wrappers to check Java programs with respect to a policy.
Hoagland James A.
Levitt Karl N.
Pandey Raju
No associations
LandOfFree
Security Policy Specification Using a Graphical Approach does not yet have a rating. At this time, there are no reviews or comments for this scientific paper.
If you have personal experience with Security Policy Specification Using a Graphical Approach, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Security Policy Specification Using a Graphical Approach will most certainly appreciate the feedback.
Profile ID: LFWR-SCP-O-692700