Article

Free access

Integration of formal and heuristic reasoning as a basis for testing and debugging computer security policy

Authors:

J. Bret Michael,

Edgar H. Sibley,

David C. LittlemanAuthors Info & Claims

NSPW '92-93: Proceedings on the 1992-1993 workshop on New security paradigms

Pages 69 - 75

https://doi.org/10.1145/283751.283784

Published: 03 August 1993 Publication History

PDF eReader

References

[1]

Bell, D. E., and LaPadula, L. J., Secure Computer System: Unified Exposition and Multics Interpretation. Technical Report MTR-2997, The MITRE Corporation, Bedford, Massachusetts, March, 1976.

Crossref

Google Scholar

[2]

Dobson, J. E., Blyth, A. J. C., Chudge, J., and Strens, M. R., "The ORDIT Approach to Requirements Identification," Proceedings of the Sixteenth Annual International Computer Software and Applications Conference. Los Alamitos, California: IEEE Computer Society Press, 1992, pp. 356-361.

Google Scholar

[3]

J ajodia, S., and Kogan, B., "integrating an Object-Oriented Data Model with Multilevel Security," Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy. Los Alamitos, California: IEEE Computer Society Press, 1990, pp. 76-85.

Google Scholar

[4]

McLean, J., "The Specification and Modeling of Computer Security," IEEE Computer 23, 11 (1990), pp. 9-16.

Digital Library

Google Scholar

[5]

Michael, J. B. A Formal Approach to Testing the Consistency of Composed Security Policies, Ph.D. dissertation, School of Information Technology and Engineering, George Mason University, 1993.

Digital Library

Google Scholar

[6]

Michael, J. B., Sibley, E. H., and Wexelblat, R. L., "A Modeling Paradigm for Representing Intentions in Information Systems," Proceedings of the First Workshop on Information Technologies and Systems. Massachusetts Institute of Technology Sloan School of Management, Cambridge, Massachusetts, 1991, pp. 21-34.

Google Scholar

[7]

Sibley, E. H., Michael, J. B., and Sandhu, R. S. "A Case-Study of Security Policy for Manual and Automated Systems," In Proceedings of the Sixth Annual Conference on Computer Assurance. IEEE Computer Society Press, Los Alamitos, California, 1991, pp. 63-68.

Google Scholar

[8]

Sibley, E. H., Wexelblat, R. L., Michael, J. B., Tanner, M. C., and Littman, D. C., "The Role of Policy in Requirements Definition," Proceedings of lhe IEEE International Symposium on Requirements Engineering. Los Alamitos, California: IEEE Computer Society Press, 1993, pp. 277-280.

Google Scholar

[9]

Wahlstrom, B. "Avoiding Technological Risks: The Dilemma of Complexity," Journal of Technological Forecasting and Social Change 42, 4 (1992), pp. 351-365.

Crossref

Google Scholar

[10]

Wilkes, M. V., "Revisiting Computer Security in the Business World," Communications of the A CM 34, 8 (1991), pp. 19-21.

Digital Library

Google Scholar

Cited By

View all

Pieters WDimkov TPavlovic D(2013)Security Policy Alignment: A Formal ApproachIEEE Systems Journal10.1109/JSYST.2012.22219337:2(275-287)Online publication date: Jun-2013
https://doi.org/10.1109/JSYST.2012.2221933
Mansor AKadir WElias H(2011)Policy-based approach for dynamic architectural adaptation: A case study on location-based system2011 Malaysian Conference in Software Engineering10.1109/MySEC.2011.6140664(171-176)Online publication date: Dec-2011
https://doi.org/10.1109/MySEC.2011.6140664
Graham ARadhakrishnan TGrossner C(2004)Incremental validation of policy-based systemsProceedings. Fifth IEEE International Workshop on Policies for Distributed Systems and Networks, 2004. POLICY 2004.10.1109/POLICY.2004.1309176(240-249)Online publication date: 2004
https://doi.org/10.1109/POLICY.2004.1309176
Show More Cited By

Recommendations

A formal security policy for xenon
FMSE '08: Proceedings of the 6th ACM workshop on Formal methods in security engineering

The up-front choice of security policy and formalism used to model it is critical to the success of projects that seek to enforce information-flow security. This paper reports on the Xenon project's choice of policy and formalism. Xenon is a high-...
Formal specification and integration of distributed security policies

We propose in this paper the Security Policy Language (SePL), which is a formal language for capturing and integrating distributed security policies. The syntax of SePL includes several operators for the integration of policies and it is endowed with a ...
Computer security policy: Important issues

A key success factor in implementing computer security is the much discussed and important issue of management commitment. Management commitment is demonstrated through the effective fostering of a computer security policy within the organization. Many ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

NSPW '92-93: Proceedings on the 1992-1993 workshop on New security paradigms

August 1993

198 pages

ISBN:0818654309

DOI:10.1145/283751

Editors:
J. Bret Michael
Argonne National Lab, Argonne, IL
,
Victoria Ashby,
Catherine Meadows
Naval Research Lab, Washington, DC

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 August 1993

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Article

Acceptance Rates

Overall Acceptance Rate 98 of 265 submissions, 37%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
435
Total Downloads

Downloads (Last 12 months)28
Downloads (Last 6 weeks)5

Reflects downloads up to 30 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Pieters WDimkov TPavlovic D(2013)Security Policy Alignment: A Formal ApproachIEEE Systems Journal10.1109/JSYST.2012.22219337:2(275-287)Online publication date: Jun-2013
https://doi.org/10.1109/JSYST.2012.2221933
Mansor AKadir WElias H(2011)Policy-based approach for dynamic architectural adaptation: A case study on location-based system2011 Malaysian Conference in Software Engineering10.1109/MySEC.2011.6140664(171-176)Online publication date: Dec-2011
https://doi.org/10.1109/MySEC.2011.6140664
Graham ARadhakrishnan TGrossner C(2004)Incremental validation of policy-based systemsProceedings. Fifth IEEE International Workshop on Policies for Distributed Systems and Networks, 2004. POLICY 2004.10.1109/POLICY.2004.1309176(240-249)Online publication date: 2004
https://doi.org/10.1109/POLICY.2004.1309176
Lupu ESloman M(1999)Conflicts in Policy-Based Distributed Systems ManagementIEEE Transactions on Software Engineering10.1109/32.82441425:6(852-869)Online publication date: 1-Nov-1999
https://dl.acm.org/doi/10.1109/32.824414

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Recommendations

A formal security policy for xenon

Formal specification and integration of distributed security policies

Computer security policy: Important issues