Formal Methods for Exchange Policy Specification

  • Rémi Delmas
  • Thomas Polacsek
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7908)


This paper introduces a modelling framework for performing automatic analyses on the specification of an information exchange policy. To avoid increased development costs and the risk of uncontrolled dissemination of information, specification errors need to be detected before the implementation phase. We propose a minimalist core language to represent an exchange policy specification unambiguously, together with a gateway to logic solvers that verifies four properties of the specification: completeness, consistency, applicability and minimality. The aim is to check whether the formalisation of an exchange policy is consistent with user expectations.


Keywords: requirements engineering, formal methods, verification, information exchange policy



Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Rémi Delmas (1)
  • Thomas Polacsek (1)

  1. ONERA, Toulouse, France