Security Policy Enforcement Through Refinement Process

  • Nicolas Stouls
  • Marie-Laure Potet
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4355)


In the area of networks, a common method to enforce a security policy expressed in a high-level language is based on an ad-hoc and manual rewriting process [24]. We argue that it is possible to build a formal link between concrete and abstract terms, which can be dynamically computed from the environment data. In order to progressively introduce configuration data and then simplify the proof obligations, we use the B refinement process. We present a case study modeling a network monitor. This program, described by refinement following the layers of the TCP/IP protocol suite, has to warn about every observed event that does not respect the security policy. To design this model, we use the event-B method because it is suitable for modeling network concepts.

This work was done within the framework of the POTESTAT project [9], which studies methods for deriving network tests from a high-level security policy.
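The abstract/concrete link described above, as an added illustration that is not the paper's own B model: an abstract policy stated over roles and services, environment data that links those terms to IP networks and ports, a refinement step that rewrites the policy into concrete rules, and a check that the concrete monitor's verdicts agree with the abstract policy through the abstraction (gluing) function. Every role, service, address and port value is constructed for the example.

```python
from ipaddress import ip_address, ip_network

# Abstract level: the policy names roles and services, not addresses or ports.
# Every role, service, address and port below is constructed for this example.
ABSTRACT_POLICY = {  # (src role, dst role, service) -> allowed; absent = denied
    ("workstation", "web_server", "http"): True,
    ("app_server", "db_server", "sql"): True,
    ("workstation", "db_server", "sql"): False,
}

# Environment data: the link from abstract terms to concrete ones.
ROLE_NETS = {"workstation": ip_network("10.0.1.0/24"),
             "app_server": ip_network("10.0.2.0/24"),
             "db_server": ip_network("10.0.3.0/24"),
             "web_server": ip_network("10.0.4.0/24")}
SERVICE_PORTS = {"http": {80, 443}, "sql": {5432}}

def abstract_allowed(src_role, dst_role, service):
    """Abstract verdict; triples the policy does not mention are denied."""
    return ABSTRACT_POLICY.get((src_role, dst_role, service), False)

def refine_policy():
    """Refinement step: rewrite the abstract policy into IP/port rules."""
    return [(ROLE_NETS[s], ROLE_NETS[d], port, allowed)
            for (s, d, svc), allowed in ABSTRACT_POLICY.items()
            for port in SERVICE_PORTS[svc]]

def concrete_allowed(rules, src_ip, dst_ip, dport):
    """Concrete monitor verdict on one observed IP/TCP event; default deny."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    return next((allowed for snet, dnet, port, allowed in rules
                 if src in snet and dst in dnet and dport == port), False)

def abstraction(src_ip, dst_ip, dport):
    """Gluing function: map a concrete event back to abstract terms."""
    def role_of(ip):
        return next((r for r, n in ROLE_NETS.items() if ip_address(ip) in n), None)
    svc = next((s for s, p in SERVICE_PORTS.items() if dport in p), None)
    return role_of(src_ip), role_of(dst_ip), svc

def refinement_violations(rules, events):
    """Events whose concrete verdict disagrees with the abstract one: the
    consistency that refinement proof obligations establish for all events."""
    return [e for e in events
            if concrete_allowed(rules, *e) != abstract_allowed(*abstraction(*e))]

def monitor(rules, events):
    """The monitor's job: warn about every observed event the policy forbids."""
    return [e for e in events if not concrete_allowed(rules, *e)]
```

Here the consistency is only checked by enumeration over observed events; in the paper's setting it is discharged once, as proof obligations over the refinement.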


Keywords: security policy enforcement; refinement; TCP/IP layers




  1. Abrial, J.R.: Extending B without Changing it. In: Habrias, N.H. (ed.) First Conference on the B method, pp. 169–190 (1996). ISBN 2-906082-25-2
  2. Abrial, J.R.: The B-Book. Cambridge University Press, Cambridge (1996)
  3. Abrial, J.R.: Event driven sequential program construction. Technical report, ClearSy (2001)
  4. Bartal, Y., Mayer, A., Nissim, K., Wool, A.: Firmato: A novel firewall management toolkit. ACM Transactions on Computer Systems 22(4) (1999)
  5. Behm, P., Benoit, P., Faivre, A., Meynadier, J.-M.: Météor: A Successful Application of B in a Large Project. In: Wing, J.M., Woodcock, J.C.P., Davies, J. (eds.) FM 1999. LNCS, vol. 1708, pp. 369–387. Springer, Heidelberg (1999)
  6. Butler, M.: A System-Based Approach to the Formal Development of Embedded Controllers for a Railway. Design Automation for Embedded Systems 6(4) (2002)
  7. Common Criteria. Common Criteria for Information Technology Security Evaluation, Norme ISO 15408 - version 3.0 Rev. 2 (2005)
  8. Cuppens, F., Cuppens-Boulahia, N., Sans, T., Miége, A.: A formal approach to specify and deploy a network security policy. In: Dimitrakos, T., Martinelli, F. (eds.) Formal Aspects in Security and Trust (FAST), Springer, Heidelberg (2004)
  9. Darmaillacq, V., Fernandez, J.-C., Groz, R., Mounier, L., Richier, J.-L.: Eléments de modélisation pour le test de politiques de sécurité. In: Colloque sur les RIsques et la Sécurité d'Internet et des Systèmes, CRiSIS, Bourges, France (2005)
  10. Denning, D., Denning, P.: Data Security. ACM Computing Survey 11(3), 227–249 (1979)
  11. Jajodia, S., Samarati, P., Subrahmanian, V.S.: A logical language for expressing authorizations. In: IEEE Symp. on Research in Security and Privacy (1997)
  12. Jard, C., Jeron, T.: TGV: theory, principles and algorithms. International Journal on Software Tools for Technology Transfer (STTT) 7(4), 297–315 (2005)
  13. JTC1. Information technology – Open Systems Interconnection (OSI model). Technical report, Standard ISO 7498 (1997)
  14. Abou El Kalam, A., El Baida, R., Balbiani, P., Benferhat, S., Cuppens, F., Deswarte, Y., Miége, A., Saurel, C., Trouessin, G.: Organization Based Access Control. In: IEEE 4th International Workshop on Policies for Distributed Systems and Networks (POLICY 2003), pp. 120–131 (2003)
  15. Lamport, L.: The Temporal Logic of Actions. ACM Transactions on Programming Languages and Systems 16(3), 872–923 (1994)
  16. Lunt, T.E.: Access control policies for database systems. In: Database Security II: Status and Prospects, pp. 41–52. North-Holland, Amsterdam (1989)
  17. Masullo, M.: Policy Management: An Architecture and Approach. In: IEEE First International Workshop on Systems Management, pp. 13–26 (1993)
  18. Casassa Mont, M., Baldwin, A., Goh, C.: POWER Prototype: Towards Integrated Policy-Based Management. Technical report, HP Laboratories (1999)
  19. Samarati, P., de Capitani di Vimercati, S.: Access Control: Policies, Models, and Mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 137–196. Springer, Heidelberg (2001)
  20. Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-Based Access Control Models. IEEE Computer 29(2), 38–47 (1996)
  21. Senn, D., Basin, D., Caronni, G.: Firewall Conformance Testing. In: Khendek, F., Dssouli, R. (eds.) TestCom 2005. LNCS, vol. 3502, Springer, Heidelberg (2005)
  22. Sloman, M.: Policy Driven Management for Distributed Systems. Journal of Network and Systems Management 2(4), 333–360 (1994)
  23. Vigna, G.: A Topological Characterization of TCP/IP Security. In: Araki, K., Gnesi, S., Mandrioli, D. (eds.) FME 2003. LNCS, vol. 2805, Springer, Heidelberg (2003)
  24. Woo, T.Y.C., Lam, S.S.: Authorization in Distributed Systems: A Formal Approach. In: Symposium on Security and Privacy, IEEE Computer Society, Los Alamitos (1992)

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Nicolas Stouls (1)
  • Marie-Laure Potet (1)
  1. Laboratoire Logiciels Systèmes Réseaux – LSR-IMAG, Grenoble, France
