Computer Security — ESORICS 92

Volume 648 of the series Lecture Notes in Computer Science pp 103-121


Formal specification of security requirements using the theory of normative positions

  • Andrew J. I. JonesAffiliated withLIFIA-INPG
  • , Marek SergotAffiliated withDepartment of Computing, Imperial College of Science, Technbology and Medicine

* Final gross prices may vary according to local VAT.

Get Access


We use a number of the examples presented in [Ting 1990] to illustrate how the formal theory of normative positions may serve as a tool for clarifying, and making precise, the specification of security requirements, particularly in regard to access control. We describe the basic features of the theory of normative positions (which has its roots in the analytical theory of law), and of the modal logics (deontic and action logics) involved in its formulation. We then indicate three levels of software we have under development, which aim to turn the analytical procedures into a practical tool. Our concluding remarks relate our discussion of Ting's examples to some particular issues in the formal specification of computer systems.