Information Technology Reference
In-Depth Information
Logical Resolving for Security Evaluation
Peter D. Zegzhda, Dmitry P. Zegzhda, and Maxim O. Kalinin
Information Security Centre of Saint-Petersburg Polytechnical University
P.O. Box 290, K-273, Saint-Petersburg, 195251
{zeg,dmitry,max@}ssl.stu.neva.ru
Abstract.
The paper discusses approach for testing security policies enforce-
ment and weakness and enterprises it's implementation for keeping assurance in
system protection. Using such techniques it is possible to examine the protec-
tions of thousands of security-related objects on a multi-user system and iden-
tify security drawbacks. By acting on this information, security officer or sys-
tem administrator can significantly reduce their system security exposure. The
document examines theoretical foundations for design the safety evaluation
toolkit. Finally, paper describes a functional structure of the integrated evalua-
tion workshop based on the security analyzing kernel.
Keywords:
access control, logic, language, resolution, safety problem resolv-
ing, secure state, security evaluation, security model.
Introduction
A fall down occurs in suitably secure commercial operating systems, applications, and
network components, especially with respect to security. Commercial offerings have
serious security vulnerabilities. Most existing systems lack adequately secure inter-
connectability and interoperability. Each vendor has taken its own approach, rela-
tively independent of the others. The revealing of all this vulnerable features com-
prises the goal of security evaluation process. There is very little understanding as to
how security can be attained by integrating a collection of components, and even less
understanding as to what assurance that security might provide.
Vendors are discouraged from offering secure systems because significant time and
effort are required to develop a system capable of meeting the evaluation criteria and
to marshal it through the evaluation process. Moreover, because of evaluation delays,
an evaluated product is typically no longer the current version of the system, which
necessitates repeated reevaluation. For high assurance systems, the difficulties of
using formal methods add further complexity to both development and evaluation.
Assurance that a system behavior will not result in the unauthorized access is fun-
damental to ensuring that the enforcing of the security policy will guarantee a system
security.
The paper discusses an outgoing approach to evaluation of the security policy en-
forcement and related tools implementation.
Related Work
Most of the other work on security resolving relates to safety evaluation. Formal ap-
proaches are not intuitive and do not easily map onto implementation. The ASL [1] is
