Safety Evaluation. For the given system Σ and the access control model M we have
to evaluate the safety of system states reachable from the given one.
In the light of the theoretical foundations mentioned above, and in order to obtain the security
evaluation solution, it becomes possible to design safety evaluation tools that help the
evaluator automate the process.
Safety Problem Solution
Safety Evaluation Phases
The solution of the safety evaluation problem may be formulated as follows. Solving it requires
three phases:

1. Evaluate the given system state (an element of $S_\Sigma$) by the security criteria $C$: $\forall c \in C : c(D(\,\cdot\,)) = \mathrm{true}$, where $D(\,\cdot\,)$ is applied to the given state.
2. Prove that the system access control mechanisms realize the access control rules $R$: for every system state in $S_\Sigma$ and the successor state $T(q, \,\cdot\,)$ produced from it, there exist model states $s_i = D(\,\cdot\,)$ of the state and $s_{i+1} = D(\,\cdot\,)$ of its successor such that $\forall r \in R : r(s_i, s_{i+1}) = \mathrm{true}$.
3. Generate the states of $S_\Sigma$ reachable from the given state and evaluate their safety by the security criteria $C$: for every reachable state, with $s_i = D(\,\cdot\,)$ its model state, $\forall c \in C : c(s_i) = \mathrm{true}$.

When all three phases succeed, it is certain that the given system is safe.
Safety Evaluation Solution
The evaluation approach is based on a logic-based language for specifying the problem
and a special tool for processing the specification.
Safety Problem Specification Language. The Safety Problem Specification Language (SPSL) is a
logic-based means to express the access control rules, the security criteria, and the definition
of the security states in the form of logical predicates using Prolog syntax [10]. We specify the
system security state and behavior with a Security State Scope. The access control rules described
in SPSL form an Access Control Rules Scope, while the state security criteria are recorded in a
Security Criteria Scope. SPSL allows a wide class of access control models based on the states of
system entities and their security attributes to be specified. We have already used SPSL to
specify a number of access control models, including the Bell-LaPadula model, the
Harrison-Ruzzo-Ullman model, UNIX access control bits, and role-based access control.
For example, consider the Windows 2000 operating system. In this system the security state is
formed by subjects (e.g., users, user groups), objects (e.g., files, registry keys), and access
control rights. Access control rights are written in a list called an Access Control List (ACL).
An ACL maps between subjects, objects, and access modes.
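As an added example (not the paper's code and not SPSL itself), the following Python script carries out the three safety evaluation phases formulated above over a toy ACL state in the style of the Windows 2000 example: subjects, objects and access modes as a set of ACL entries. The subjects, objects, the rule set R, the criteria C and the transition T are all constructed for illustration, and D is the identity because the toy keeps the system state and the model state in the same form. Phase 3 is a breadth-first exploration of the reachable states; when a reachable state violates a criterion it reports the command path that leads there, which is the counterexample an evaluator wants from such a tool.

```python
# Added example, not from the paper: a minimal safety evaluator that carries out
# the three phases of the safety problem solution (evaluate the initial state,
# check that transitions obey the rules R, explore reachable states against the
# criteria C) over a toy ACL-based state of subjects, objects and access modes
# in the style of the Windows example. All subjects, objects, rules and
# criteria below are constructed for illustration.
from collections import deque
from functools import reduce
from itertools import product

SUBJECTS = ("admin", "alice", "guest")
OBJECTS = ("payroll.xls", "hklm_run")      # constructed object names
MODES = ("read", "write", "own")
PROTECTED = {"hklm_run"}                    # constructed: objects the criteria guard

# A system state is a frozenset of ACL entries (subject, object, mode).  The
# model state is the same set, so the mapping D is the identity here.
def D(system_state):
    return frozenset(system_state)

# Security criteria C: predicates over a model state.
def c_only_admin_owns_protected(s):
    return all(subj == "admin" for subj, obj, mode in s
               if obj in PROTECTED and mode == "own")

def c_guest_cannot_write_protected(s):
    return not any(subj == "guest" and obj in PROTECTED and mode == "write"
                   for subj, obj, mode in s)

CRITERIA = (c_only_admin_owns_protected, c_guest_cannot_write_protected)

# Access control rule R over a transition (s_i, s_{i+1}): rights are never
# removed, and a right may be added only on an object someone owned in s_i.
def r_grant_requires_owner(s_i, s_i1):
    owned = {obj for _, obj, mode in s_i if mode == "own"}
    return s_i <= s_i1 and all(obj in owned for _, obj, _ in s_i1 - s_i)

RULES = (r_grant_requires_owner,)

# Transition T(q, s) for command q = (actor, grantee, obj, mode): the actor may
# grant a mode on an object it owns; any other command leaves the state as is.
def T(q, s):
    actor, grantee, obj, mode = q
    if (actor, obj, "own") in s:
        return frozenset(s | {(grantee, obj, mode)})
    return s

COMMANDS = tuple(product(SUBJECTS, SUBJECTS, OBJECTS, MODES))

def phase1(s0):
    """Phase 1: the given state satisfies every criterion."""
    return all(c(D(s0)) for c in CRITERIA)

def phase2(states, commands):
    """Phase 2: every transition out of the given states obeys every rule."""
    return all(r(D(s), D(T(q, s)))
               for s in states for q in commands for r in RULES)

def phase3(s0, commands):
    """Phase 3: breadth-first exploration of the states reachable from s0.
    Returns (violation, explored); violation is None when every reachable
    state satisfies C, otherwise the failing criteria and the command path."""
    explored = {s0}
    queue = deque([(s0, ())])
    while queue:
        s, path = queue.popleft()
        for q in commands:
            s_next = T(q, s)
            if s_next in explored:
                continue
            explored.add(s_next)
            failed = [c.__name__ for c in CRITERIA if not c(D(s_next))]
            if failed:
                return {"path": path + (q,), "failed": failed}, explored
            queue.append((s_next, path + (q,)))
    return None, explored

def replay(s0, path):
    """Apply a command path to s0; used to confirm a reported counterexample."""
    return reduce(lambda s, q: T(q, s), path, s0)

def evaluate(s0, commands=COMMANDS):
    """Run all three phases and summarise the verdict."""
    violation, explored = phase3(s0, commands)
    initial_ok = phase1(s0)
    rules_ok = phase2(explored, commands)
    return {"initial_ok": initial_ok, "rules_ok": rules_ok,
            "violation": violation,
            "safe": initial_ok and rules_ok and violation is None}

# Constructed initial state: admin owns both objects, alice may read payroll.
S0 = frozenset({("admin", "payroll.xls", "own"), ("admin", "hklm_run", "own"),
                ("alice", "payroll.xls", "read")})
# Commands restricted to the unprotected object, used to show a safe variant.
PAYROLL_ONLY = tuple(q for q in COMMANDS if q[2] == "payroll.xls")

if __name__ == "__main__":
    print(evaluate(S0))                # unsafe: an owner can hand out ownership
    print(evaluate(S0, PAYROLL_ONLY))  # safe: protected object never touched
```

The first run reports that the initial state and every checked transition are fine, yet the system is not safe: the owner-may-grant mechanism lets the administrator transfer ownership of the protected object, so a reachable state violates the first criterion. The second run, with the same criteria but commands confined to the unprotected object, explores the whole reachable set and finds no violation. The point of separating the phases is exactly this: a state can pass the criteria and the mechanism can obey its rules, and the system can still reach an unsafe state.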