
Formal Methods for Exchange Policy Specification

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNISA, volume 7908)


This paper introduces a modelling framework for automatically analysing the specification of an information exchange policy. Specification errors must be detected before the implementation phase, both to avoid rising development costs and to avoid the risk of uncontrolled dissemination of information. We propose a minimalist core language that represents an exchange policy specification unambiguously, together with a gateway to logic solvers that verifies four properties: completeness, consistency, applicability and minimality. The aim is to check whether the formalisation of an exchange policy matches user expectations.
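The four properties named in the abstract can be illustrated on a toy exchange policy. The following is an added example, not the paper's core language or its solver gateway: it assumes the usual readings of the properties (completeness: every request is decided; consistency: no request is both permitted and denied; applicability: every rule fires on some request; minimality: no rule is redundant), and it replaces the logic solver with exhaustive enumeration of a small constructed universe of (sender, receiver, data label) triples, which is equivalent for a finite domain. The rule names, roles and labels are constructed for the example.

```python
"""Added example (not the paper's code): four sanity checks on a small
information-exchange policy, run by exhaustive enumeration of a finite
universe.  The property definitions below are the usual ones and are
assumptions, not the paper's formal definitions."""
from dataclasses import dataclass
from itertools import product
from typing import Callable, Dict, List, Tuple

# Constructed finite universe: who may send what to whom.
SENDERS = ("analyst", "partner", "contractor")
RECEIVERS = ("analyst", "partner", "contractor", "public")
LABELS = ("public", "internal", "restricted")

Situation = Tuple[str, str, str]  # (sender, receiver, data label)


@dataclass(frozen=True)
class Rule:
    name: str
    effect: str                             # "permit" or "deny"
    applies: Callable[[Situation], bool]    # the rule's condition


def universe() -> List[Situation]:
    """Every exchange request the policy must decide."""
    return list(product(SENDERS, RECEIVERS, LABELS))


def effects(policy: List[Rule], s: Situation) -> frozenset:
    """Set of effects ("permit"/"deny") the policy assigns to situation s."""
    return frozenset(r.effect for r in policy if r.applies(s))


def check_completeness(policy: List[Rule]) -> List[Situation]:
    """Completeness: every situation is decided.  Returns the undecided ones."""
    return [s for s in universe() if not effects(policy, s)]


def check_consistency(policy: List[Rule]) -> List[Situation]:
    """Consistency: no situation is both permitted and denied.  Returns conflicts."""
    return [s for s in universe() if len(effects(policy, s)) > 1]


def check_applicability(policy: List[Rule]) -> List[str]:
    """Applicability: every rule fires on some situation.  Returns dead rules."""
    univ = universe()
    return [r.name for r in policy if not any(r.applies(s) for s in univ)]


def check_minimality(policy: List[Rule]) -> List[str]:
    """Minimality: no rule is redundant.  A rule is redundant when dropping it
    leaves every situation's effect set unchanged (dead rules count too)."""
    univ = universe()
    redundant = []
    for r in policy:
        rest = [q for q in policy if q is not r]
        if all(effects(rest, s) == effects(policy, s) for s in univ):
            redundant.append(r.name)
    return redundant


def analyse(policy: List[Rule]) -> Dict[str, list]:
    """Run all four checks; an empty list means the property holds."""
    return {
        "undecided": check_completeness(policy),
        "conflicts": check_consistency(policy),
        "dead_rules": check_applicability(policy),
        "redundant_rules": check_minimality(policy),
    }


# Constructed policy that violates each property exactly where the comments say.
POLICY = [
    Rule("permit-public", "permit", lambda s: s[2] == "public"),
    Rule("deny-leak-to-public", "deny", lambda s: s[1] == "public" and s[2] != "public"),
    Rule("permit-analyst-internal", "permit",
         lambda s: s[0] == "analyst" and s[1] in ("analyst", "partner") and s[2] == "internal"),
    Rule("deny-restricted", "deny", lambda s: s[2] == "restricted"),
    Rule("dead-public-sender", "deny", lambda s: s[0] == "public"),      # never fires
    Rule("permit-analyst-public", "permit",
         lambda s: s[0] == "analyst" and s[2] == "public"),              # subsumed by permit-public
    Rule("deny-partner-internal", "deny",
         lambda s: s[1] == "partner" and s[2] == "internal"),            # clashes with permit-analyst-internal
]

if __name__ == "__main__":
    for prop, witnesses in analyse(POLICY).items():
        print(f"{prop}: {witnesses or 'OK'}")
```

Each check returns witnesses rather than a bare boolean, because the practical value of this kind of analysis is the counterexample: the undecided request that a default rule silently handles in production, or the conflicting pair that an implementation resolves by rule order. On a larger domain the enumeration is replaced by a SAT or pseudo-Boolean encoding of the same four questions; the property definitions do not change.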


  • Requirements engineering
  • Formal methods
  • Verification
  • Information exchange policy




Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Delmas, R., Polacsek, T. (2013). Formal Methods for Exchange Policy Specification. In: Salinesi, C., Norrie, M.C., Pastor, Ó. (eds) Advanced Information Systems Engineering. CAiSE 2013. Lecture Notes in Computer Science, vol 7908. Springer, Berlin, Heidelberg.

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38708-1

  • Online ISBN: 978-3-642-38709-8