Abstract
This paper introduces a modelling framework for performing automatic analyses on the specification of an information exchange policy. To avoid increased development costs and the risk of uncontrolled dissemination of information, specification errors need to be detected before the implementation phase. We propose a minimalist core language to represent an exchange policy specification unambiguously, together with a gateway to logic solvers that verifies four properties of the specification: completeness, consistency, applicability and minimality. The aim is to check whether the formalisation of an exchange policy is consistent with user expectations.
Keywords
- Requirements engineering
- formal methods
- verification
- information exchange policy
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
Cite this paper
Delmas, R., Polacsek, T. (2013). Formal Methods for Exchange Policy Specification. In: Salinesi, C., Norrie, M.C., Pastor, Ó. (eds) Advanced Information Systems Engineering. CAiSE 2013. Lecture Notes in Computer Science, vol 7908. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38709-8_19
DOI: https://doi.org/10.1007/978-3-642-38709-8_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38708-1
Online ISBN: 978-3-642-38709-8