Towards a Formal Specification Method for Enterprise Information System Security

  • Anirban Sengupta
  • Mridul Sankar Barik
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4332)


As information infrastructure is becoming more and more complex, and connected, the security properties like confidentiality, integrity and availability are becoming more and more difficult to protect. The international community is adopting security standards such as ISO 17799 for best practices in security management and Common Criteria for security certification of IT products. It has been recognized that the security of enterprises has to be tackled from the point of view of a management structure than from a purely technological angle, and to achieve this, the primary need is to have a comprehensive security policy. A security model is a formal way of capturing such security policies. Most existing security models cannot support a wide range of security policies. The need is to develop a formal security model that combines the intricacies of the entire gamut of existing security models and supports security policies for a wide range of enterprises.


Security Policy Security Model Security Management Access Control Model Information Asset 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bell, D.E., LaPadula, L.J.: Secure Computer Systems: Unified Exposition and Multics Interpretation. ESD-TR-75-306, MTR 2997 Rev. 1, The MITRE Corporation (March 1976)Google Scholar
  2. 2.
    Biba, K.J.: Integrity Considerations for Secure Computer systems. Mitre TR-3153, Mitre Corporation, Bedford, MA (April 1977)Google Scholar
  3. 3.
    Brewer, D.F.C., Nash, M.J.: The Chinese Wall Security Policy. In: Proceedings of the 1989 IEEE Computer Society Symposium on Security and Privacy, Oakland, California, May 1-3, 1989, pp. 206–214. IEEE Computer Society Press, Washington (1989)Google Scholar
  4. 4.
    Clark, D.D., Wilson, D.R.: Evolution of a Model for Computer Integrity. In: Report of the Invitational Workshop on Data Integrity, January 25-27, 1989, Gaithersburg, Maryland. NIST Special Publication, pp. 500–168 (1989)Google Scholar
  5. 5.
    Denning, D.E.: A Lattice Model of Secure Information Flow. Communications of ACM 19(5), 236–243 (1976)MATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Information Technology - Code of practice for information security management, ISO/IEC 17799:2005(E) (2005)Google Scholar
  7. 7.
    Information technology - Security techniques - Evaluation criteria for IT security ISO/IEC 15408-1:1999(E) (1999)Google Scholar
  8. 8.
    IT Baseline Protection Manual, BSI (2004)Google Scholar
  9. 9.
    Lampson, B.W.: Protection. In: Proc. Fifth Princeton Symposium on Information Sciences and Systems, Princeton University, March 1971, pp. 437–443 (1971)Google Scholar
  10. 10.
    Sandhu, R.S.: Lattice-based access control models. IEEE Computer 26(11), 9–19 (1993)Google Scholar
  11. 11.
    Sandhu, R.S., et al.: Role-Based Access Control Models. IEEE Computer 29(2), 38–47 (1996)Google Scholar
  12. 12.
    Thomas, R.K., Sandhu, R.S.: Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Authorization Management. In: Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Security XI: Status and Prospects, August 10-13, pp. 166–181 (1997)Google Scholar
  13. 13.
    Yu, C.-F., Gligor, V.D.: A Specification and Verification Method for Preventing Denial of Service. IEEE Trans. on Software Engineering 16(6), 581–592 (1990)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Anirban Sengupta
    • 1
  • Mridul Sankar Barik
    • 2
  1. 1.Centre for Distributed ComputingJadavpur UniversityKolkataIndia
  2. 2.Dept. of Comp. Sc. & Engg.Jadavpur UniversityKolkataIndia

Personalised recommendations