Efficient algorithmic safety analysis of HRU security models


Abstract:

In order to achieve a high degree of security, IT systems with sophisticated security requirements increasingly apply security models for specifying, analyzing and implementing their security policies. While this approach achieves considerable improvements in the effectiveness and correctness of a system's security properties, model specification, analysis and implementation are still quite complex and expensive. This paper focuses on the efficient algorithmic safety analysis of HRU (Harrison-Ruzzo-Ullman) security models. We present the theory and practical application of a method that decomposes a model into smaller, autonomous sub-models that are more efficient to analyze. Recombining the results then allows safety properties of the original model to be inferred. A security model for a real-world enterprise resource planning system demonstrates the approach.
Date of Conference: 26-28 July 2010
Date Added to IEEE Xplore: 05 April 2011
Electronic ISBN: 978-989-8425-18-8
Conference Location: Athens, Greece

1 Introduction

IT systems with advanced security requirements increasingly apply problem-specific security policies for describing, analyzing and implementing security properties (?; ?; ?; ?). In order to precisely describe security policies, formal security models such as (?; ?; ?; ?) are applied, allowing for formal analyses of security properties and serving as specifications from which policy implementations are generated (?).
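The abstract's central idea, deciding the safety question on smaller autonomous sub-models and recombining the results, as an added illustration that is not the paper's algorithm or its ERP model: a constructed toy HRU access matrix with fixed subjects and objects (no create/destroy, so exhaustive search over reachable matrices decides safety), plus one assumed sufficient decomposition condition, grouping commands by the rights they share, under which the sub-model answers the same safety question while exploring far fewer matrices.

```python
from collections import deque
from itertools import product

# Constructed toy HRU model, not taken from the paper. Subjects and objects are
# fixed (no create/destroy), so the matrix space is finite and BFS decides safety.
SUBJECTS, OBJECTS = ("alice", "bob"), ("ledger", "report")
# Command = (name, parameter types, conditions, operations); conditions and
# operations address cells as (right, subject parameter, object parameter).
COMMANDS = [
    ("grant_read",  "sso", [("own", 0, 2)],                 [("enter", "read", 1, 2)]),
    ("grant_write", "sso", [("own", 0, 2), ("read", 1, 2)], [("enter", "write", 1, 2)]),
    ("revoke_read", "sso", [("own", 0, 2)],                 [("delete", "read", 1, 2)]),
    ("approve",     "sso", [("review", 0, 2)],              [("enter", "approved", 1, 2)]),
    ("unapprove",   "sso", [("review", 0, 2)],              [("delete", "approved", 1, 2)]),
]
INITIAL = frozenset({("alice", "ledger", "own"), ("bob", "report", "review")})

def rights_of(cmd):  # every right a command tests or modifies
    return {c[0] for c in cmd[2]} | {o[1] for o in cmd[3]}

def step(state, cmd, binding):  # successor matrix, or None if cmd is not enabled
    cell = lambda r, s, o: (binding[s], binding[o], r)
    if not all(cell(r, s, o) in state for r, s, o in cmd[2]):
        return None
    nxt = set(state)
    for kind, r, s, o in cmd[3]:
        (nxt.add if kind == "enter" else nxt.discard)(cell(r, s, o))
    return frozenset(nxt)

def reachable(commands, initial):  # all matrices reachable by command sequences
    seen, queue = {initial}, deque([initial])
    while queue:
        state = queue.popleft()
        for cmd in commands:
            for binding in product(*[SUBJECTS if t == "s" else OBJECTS for t in cmd[1]]):
                nxt = step(state, cmd, binding)
                if nxt is not None and nxt not in seen:
                    seen.add(nxt); queue.append(nxt)
    return seen

def unsafe(commands, initial, right, subject, obj):
    """HRU safety question: can `right` ever be entered into cell (subject, obj)?"""
    return any((subject, obj, right) in m for m in reachable(commands, initial))

def submodel(commands, initial, right):
    """Assumed decomposition (a simple sufficient condition, not the paper's method):
    close `right` under 'shares a right with'; commands outside the closure neither
    test nor change those rights, so dropping them cannot change the answer."""
    alphabet, chosen = {right}, []
    while True:
        more = [c for c in commands if c not in chosen and rights_of(c) & alphabet]
        if not more:
            return chosen, frozenset(c for c in initial if c[2] in alphabet)
        chosen += more
        alphabet |= set().union(*map(rights_of, more))
```

For this toy model the full analysis explores 64 matrices while the sub-model for the right `write` explores 16 and gives the same answer; with subject or object creation the state space is no longer finite and this sufficient condition alone does not carry over.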

References

1. Ammann, P. E. and Sandhu, R. S. (1991). Safety Analysis for the Extended Schematic Protection Model. In Proc. IEEE Symposium on Security and Privacy. IEEE Press.
2. Bell, D. E. and LaPadula, L. J. (1973). Secure Computer Systems: Mathematical Foundations (Vol. I). Technical Report AD 770 768, MITRE.
3. Brewer, D. F. and Nash, M. J. (1989). The Chinese Wall Security Policy. In Proc. IEEE Symposium on Security and Privacy. IEEE Press.
4. Bryce, C., Kühnhauser, W. E., Amouroux, R., and Lopéz, M. (1997). CWASAR: A European Infrastructure for Secure Electronic Commerce. Journal of Computer Security, IOS Press.
5. Common3.1 (2009). Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 3.
6. Crampton, J. and Khambhammettu, H. (2008). Delegation in Role-based Access Control. Int. Journal of Information Security.
7. Denning, D. E. (1976). A Lattice Model of Secure Information Flow. Communications of the ACM.
8. Efstathopoulos, P. and Kohler, E. (2008). Manageable Fine-Grained Information Flow. In Proc. 2008 EuroSys Conference. ACM SIGOPS.
9. Goguen, J. and Meseguer, J. (1982). Security Policies and Security Models. In Proc. IEEE Symposium on Security and Privacy. IEEE.
10. Halfmann, U. and Kühnhauser, W. E. (1999). Embedding Security Policies Into a Distributed Computing Environment. Operating Systems Review.
11. Harrison, M. A. and Ruzzo, W. L. (1978). Monotonic Protection Systems. In DeMillo, R., Dobkin, D., Jones, A., and Lipton, R., editors, Foundations of Secure Computation. Academic Press.
12. Harrison, M. A., Ruzzo, W. L., and Ullman, J. D. (1975). On Protection in Operating Systems. Operating Systems Review, 5th Symposium on Operating Systems Principles.
13. Harrison, M. A., Ruzzo, W. L., and Ullman, J. D. (1976). Protection in Operating Systems. Communications of the ACM.
14. Kleiner, E. and Newcomb, T. (2006). Using CSP to Decide Safety Problems for Access Control Policies. Technical Report RR-06-04, Oxford University Computing Laboratory.
15. Kleiner, E. and Newcomb, T. (2007). On the Decidability of the Safety Problem for Access Control Policies. Electronic Notes in Theoretical Computer Science (ENTCS).
16. Krohn, K. and Rhodes, J. (1965). Algebraic Theory of Machines. I. Prime Decomposition Theorem for Finite Semigroups and Machines. Transactions of the American Mathematical Society.
17. Li, N., Mitchell, J. C., and Winsborough, W. H. (2005). Beyond Proof-of-compliance: Security Analysis in Trust Management. JACM.
18. Lipton, R. and Snyder, L. (1978). On Synchronization and Security. In DeMillo, R., Dobkin, D., Jones, A., and Lipton, R., editors, Foundations of Secure Computation. Academic Press.
19. Loscocco, P. A. and Smalley, S. D. (2001). Integrating Flexible Support for Security Policies into the Linux Operating System. In Cole, C., editor, Proc. 2001 USENIX Ann. Techn. Conference.
20. Pittelli, P. A. (1988). The Bell-LaPadula Computer Security Model Represented as a Special Case of the Harrison-Ruzzo-Ullman Model. In Proc. National Computer Security Conference. NBS/NCSC.
21. Sandhu, R. S. (1992). The Typed Access Matrix Model. In Proc. IEEE Symposium on Security and Privacy. IEEE.
22. Sandhu, R. S., Coyne, E. J., Feinstein, H. L., and Youman, C. E. (1996). Role-Based Access Control Models. IEEE Computer.
23. SAP AG (2009). SAP History. http://www.sap.com/.
24. Vimercati, S. D. C. d., Samarati, P., and Jajodia, S. (2005). Policies, Models, and Languages for Access Control. In 4th Int. Workshop on Databases in Networked Information Systems, Volume 3433/2005 of LNCS. Springer.
