Modelling Mobility Aspects of Security Policies

  • Pieter Hartel
  • Pascal van Eck
  • Sandro Etalle
  • Roel Wieringa
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3362)

Abstract

Security policies are rules that constrain the behaviour of a system. Different, largely unrelated sets of rules typically govern the physical and logical worlds. However, increased hardware and software mobility forces us to consider those rules in an integrated fashion. We present SPIN models of four case studies where mobility plays a role. At present our models are ad-hoc. In each case the model captures both the system of interest and its security policy. The model is then formally checked against a security principle. The model checking activity shows examples of policies that are too weak to cope with mobility.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The ponder policy specification language. In: Sloman, M., Lobo, J., Lupu, E.C. (eds.) POLICY 2001. LNCS, vol. 1995, pp. 18–38. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Schneider, F.B.: Enforceable security policies. ACM Transactions on Information and System Security 3, 30–50 (2000), http://doi.acm.org/10.1145/353323.353382 CrossRefGoogle Scholar
  3. 3.
    Scott, D., Beresford, A., Mycroft, A.: Spatial security policies for mobile agents in a sentient computing environment. In: Pezzé, M. (ed.) FASE 2003. LNCS, vol. 2621, pp. 102–117. Springer, Heidelberg (2003), http://www.springerlink.com/link.asp?id=nyxyyrlkbe5c5acc CrossRefGoogle Scholar
  4. 4.
    Satoh, I.: Physical mobility and logical mobility in ubiquitous computing environments. In: Suri, N. (ed.) MA 2002. LNCS, vol. 2535, pp. 186–201. Springer, Heidelberg (2002), http://springerlink.metapress.com/link.asp?id=yrwh37hleb9rxp81 CrossRefGoogle Scholar
  5. 5.
    Holzmann, G.J.: The SPIN Model Checker: Primer and Reference manual. Pearson Education Inc., Boston Massachusetts (2004)Google Scholar
  6. 6.
    Madhavapeddy, A., Mycroft, A., Scott, D., Sharp, R.: The case for abstracting security policies. In: Arabnia, H.R., Mun, Y. (eds.) Int. Conf. on Security and Management (SAM), vol. 1, pp. 156–160. CSREA Press, Las Vegas (2003), http://cambridgeweb.cambridge.intel-research.net/people/rsharp/publications/sam03-secpol.pdf
  7. 7.
    Cheng, B.H.C., Konrad, S., Campbell, L.A., Wassermann, R.: Using security patterns to model and analyze security requirements. In: Hietmeyer, C., Mead, N. (eds.) Int. Workshop on Requirements for High Assurance Systems (RHAS), Monterey, California, pp. 13–22. Software Engineering Institute, Carnegi mellon Univ. (2003), http://www.sei.cmu.edu/community/rhas-workshop/rhas03-proceedings.pdf
  8. 8.
    Sekar, R., Venkatakrishnan, V.N., Basu, S., Bhatkar, S., DuVarney, D.C.: Model carrying code: A practical approach for safe execution of untrusted applications. In: 19th ACM Symp. on Operating Systems Principles (SOSP), pp. 15–28. ACM Press, New York (2003), http://doi.acm.org/10.1145/945445.945448 CrossRefGoogle Scholar
  9. 9.
    Saltzer, J.H., Schroeder, M.D.: The protection of information in computer systems. Proceedings of the IEEE 63, 1278–1308 (1975)CrossRefGoogle Scholar
  10. 10.
    Wagner, D., Soto, P.: Mimicry attacks on host-based intrusion detection systems. In: 9th ACM Conf. on Computer and communications security (CCS), pp. 255–264. ACM Press, New York (2002), http://doi.acm.org/10.1145/586110.586145 CrossRefGoogle Scholar
  11. 11.
    Kalker, T., Epema, D.H.J., Hartel, P.H., Lagendijk, R.L., van Steen, M.: Music2Share - Copyright-Compliant music sharing in P2P systems (invited paper). In: Proceedings of the IEEE Special Issue on Digital Rights Management, vol. 92, pp. 961–970 (2004), http://ieeexplore.ieee.org/xpl/abs_free.jsp?arNumber=1299170

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Pieter Hartel
    • 1
  • Pascal van Eck
    • 1
  • Sandro Etalle
    • 1
  • Roel Wieringa
    • 1
  1. 1.Department of Computer ScienceUniversity of TwenteEnschedeThe Netherlands

Personalised recommendations