
Security Policy Verification Tool for Geographical Information Systems

  • Conference paper
Information Fusion and Geographic Information Systems

Abstract

It is universally recognized that one of the most effective approaches to security management is the use of policy-based security systems. This approach assumes that all actions of the system under defense are performed according to a policy incorporating a multitude of if-else rules describing the system behavior. Without an appropriate software tool, it is hard for a system administrator constructing a security policy to detect and resolve all possible inconsistencies even within one category of security rules (authentication, authorization, filtering, channel protection, operational, etc.), not to mention inter-category inconsistencies. The paper describes a general approach to security policy verification and presents a software tool, “Security Checker”, that can serve as a security policy debugger for various policy categories. Security Checker can also be used as a security policy verification tool for complex distributed Geographical Information Systems (GIS).


© 2007 Springer-Verlag Berlin Heidelberg

Cite this paper

Kotenko, I., Tishkov, A., Chervatuk, O., Sidelnikova, E. (2007). Security Policy Verification Tool for Geographical Information Systems. In: Popovich, V.V., Schrenk, M., Korolenko, K.V. (eds) Information Fusion and Geographic Information Systems. Lecture Notes in Geoinformation and Cartography. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-37629-3_9
