Loading [MathJax]/extensions/MathMenu.js
Efficient algorithmic safety analysis of HRU security models | IEEE Conference Publication | IEEE Xplore
Subscribe
ADVANCED SEARCH
Conferences >2010 International Conference...

Efficient algorithmic safety analysis of HRU security models

PDF
Anja Fischer; Winfried Ku¨hnhauser
All Authors

Abstract:

In order to achieve a high degree of security, IT systems with sophisticated security requirements increasingly apply security models for specifying, analyzing and implem...Show More

Metadata

Abstract:

In order to achieve a high degree of security, IT systems with sophisticated security requirements increasingly apply security models for specifying, analyzing and implementing their security policies. While this approach achieves considerable improvements in effectiveness and correctness of a system's security properties, model specification, analysis and implementation are yet quite complex and expensive. This paper focuses on the efficient algorithmic safety analysis of HRU security models. We present the theory and practical application of a method that decomposes a model into smaller and autonomous sub-models that are more efficient to analyze. A recombination of the results then allows to infer safety properties of the original model. A security model for a real-world enterprise resource planning system demonstrates the approach.
Published in: 2010 International Conference on Security and Cryptography (SECRYPT)
Date of Conference: 26-28 July 2010
Date Added to IEEE Xplore: 05 April 2011
Electronic ISBN:978-989-8425-18-8
Conference Location: Athens, Greece
References is not available for this document.
Contents

1 Introduction

IT systems with advanced security requirements increasingly apply problem-specific security policies for describing, analyzing and implementing security properties (?;?;?;?). In order to precisely describe security policies, formal security models such as (?; ?;?; ?) are applied, allowing for formal analyses of security properties and serving as specifications from which policy implementations are generated (?).

Select All
1.
Ammann, P. E. and Sandhu, R. S. ( 1991 ). Safety Analysis for the Extended Schematic Protection Model. In Proc. IEEE Symposium on Security and Privacy. IEEE Press.
View Article
Google Scholar
2.
Bell, D. E. and LaPadula, L. J. ( 1973 ). Secure Computer Systems: Mathematical Foundations (Vol. I). Technical Report AD 770 768, MITRE.
Google Scholar
3.
Brewer, D. F. and Nash, M. J. ( 1989 ). The Chinese Wall Security Policy. In Proc. IEEE Symposium on Security and Privacy. IEEE Press.
View Article
Google Scholar
4.
Bryce, C., Kühnhauser, W. E., Amouroux, R., and Lopéz, M. ( 1997 ). CWASAR: A European Infrastructure for Secure Electronic Commerce. Journal of Computer Security, IOS Press.
CrossRef Google Scholar
5.
Common3.1 ( 2009 ). Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 3.
Google Scholar
6.
Crampton, J. and Khambhammettu, H. ( 2008 ). Delegation in Role-based Access Control. Int. Journal of Information Security.
CrossRef Google Scholar
7.
Denning, D. E. ( 1976 ). A Lattice Model of Secure Information Flow. Communications of the ACM.
CrossRef Google Scholar
8.
Efstathopoulos, P. and Kohler, E. ( 2008 ). Manageable Fine-Grained Information Flow. In Proc. 2008 EuroSys Conference. ACM SIGOPS.
CrossRef Google Scholar
9.
Goguen, J. and Meseguer, J. ( 1982 ). Security Policies and Security Models. In Proc. IEEE Symposium on Security and Privacy. IEEE.
View Article
Google Scholar
10.
Halfmann, U. and Kühnhauser, W. E. ( 1999 ). Embedding Security Policies Into a Distributed Computing Environment. Operating Systems Review.
CrossRef Google Scholar
11.
Harrison, M. A. and Ruzzo, W. L. ( 1978 ). Monotonic Protection Systems. In DeMillo, R., Dobkin, D., Jones, A., and Lipton, R. editors, Foundations of Secure Computation. Academic Press.
Google Scholar
12.
Harrison, M. A., Ruzzo, W. L., and Ullman, J. D. ( 1975 ). On Protection in Operating Systems. Operating Systems Review, 5th Symposium on Operating Systems Principles.
CrossRef Google Scholar
13.
Harrison, M. A., Ruzzo, W. L., and Ullman, J. D. ( 1976 ). Protection in Operating Systems. Communications of the ACM.
CrossRef Google Scholar
14.
Kleiner, E. and Newcomb, T. ( 2006 ). Using CSP to Decide Safety Problems for Access Control Policies. Technical Report RR-06-04, Oxford University Computing Laboratory.
Google Scholar
15.
Kleiner, E. and Newcomb, T. ( 2007 ). On the Decidability of the Safety Problem for Access Control Policies. Electronic Notes in Theoretical Computer Science (ENTCS).
CrossRef Google Scholar
16.
Krohn, K. and Rhodes, J. ( 1965 ). Algebraic Theory of Machines. I. Prime Decomposition Theorem for Finite Semigroups and Machines. Transactions of the American Mathematical Society.
CrossRef Google Scholar
17.
Li, N., Mitchell, J. C., and Winsborough, W. H. ( 2005 ). Beyond Proof-of-compliance: Security Analysis in Trust Management. JACM.
CrossRef Google Scholar
18.
Lipton, R. and Snyder, L. ( 1978 ). On Synchronization and Security. In DeMillo, R., Dobkin, D., Jones, A., and Lipton, R. editors, Foundations of Secure Computation. Academic Press.
Google Scholar
19.
Loscocco, P. A. and Smalley, S. D. ( 2001 ). Integrating Flexible Support for Security Policies into the Linux Operating System. In Cole, C. editor, Proc. 2001 USENIX Ann. Techn. Conference.
Google Scholar
20.
Pittelli, P. A. ( 1988 ). The Bell-LaPadula Computer Security Model Represented as a Special Case of the Harrison-Ruzzo-Ullman Model. In Proc. National Computer Security Conference. NBS/NCSC.
Google Scholar
21.
Sandhu, R. S. ( 1992 ). The Typed Access Matrix Model. In Proc. IEEE Symposium on Security and Privacy. IEEE.
View Article
Google Scholar
22.
Sandhu, R. S., Coyne, E. J., Feinstein, H. L., and Youman, C. E. ( 1996 ). Role-Based Access Control Models. IEEE Computer.
View Article
Google Scholar
23.
SAP AG ( 2009 ). SAP History. http://www.sap.com/.
Google Scholar
24.
Vimercati, S. D. C. d., Samarati, P., and Jajodia, S. ( 2005 ). Policies, Models, and Languages for Access Control. In 4th Int. Workshop on Databases in Networkes Information Systems, Volume 3433/2005 of LNCS. Springer.
CrossRef Google Scholar

Contact IEEE to Subscribe
More Like This
Safety Decidability for Pre-Authorization Usage Control with Finite Attribute Domains

IEEE Transactions on Dependable and Secure Computing

Published: 2016

Safety Decidability for Pre-Authorization Usage Control with Identifier Attribute Domains

IEEE Transactions on Dependable and Secure Computing

Published: 2020

Show More

References

References is not available for this document.

IEEE Account

Purchase Details

Profile Information

Need Help?

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity.
© Copyright 2025 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.