Information Technology Reference
In-Depth Information
For this aspect, support tools have been implemented. We have developed a secu-
rity constraints checker, SPR, which uses the logical resolution. The SPR-based tool-
kit, SEW, was constructed for the workplaces operating system safety evaluation. The
SEW can drastically improve the security policy enforcement.
This experiment also raises several interesting real-world problems which seem to
require more theoretical development. In particular, the analysis of the security policy
constraints shows that the concepts of responsibility must be modeled. It also shows
that our approach must be extended in order to express temporal notions and differ-
ence between the declared and implemented security features (such as the security
flaws and vulnerabilities). There are several other functionalities that we plan to in-
vestigate in the future. For instance, functionality for designing evaluation tools for
intercommunication between several systems, each of them being associated with its
own security policy.
Observing our current achievements and the results of analysis of the security poli-
cies enforcement by the security mechanisms of common operating systems, we can
show that the theoretical undecidability can be resolved in the particular cases with
proposed technique.
References
1. Jajodia, S., Samarati, P., and Subrahmanian, V.S.: A Logical Language for Expressing Au-
thorizations. Proc. of the IEEE Symposium on Security and Privacy, Oakland, CA (1997)
2. Hoagland, J.A., Panday, R., and Levitt, K.N.: Security Policy Specification Using a Graphi-
cal Approach. Tech. report CSE-98-3, UC Davis Computer Science Dept. (1998)
3. Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The Ponder Policy Specification Lan-
guage. Proc. Policy 2001: Workshop on Policies for Distributed Systems and Networks,
Bristol, UK (2001)
4. Goguen, J. and Meseguer, J.: Security policies and security models. Proc. of the 1982 IEEE
Symposium on Security and Privacy, Oakland, CA (1982)
5. McLean, J.: Reasoning about security models. Proc. of the 1987 IEEE Symposium on Se-
curity and Privacy, Oakland, CA (1987)
6. McLean, J.: The Algebra of Security, Proc. 1988 IEEE Symposium on Security and Privacy
(April 1988)
7. McLean, J.: Security models and information flow, Proc. 1990 IEEE Symposium on Secu-
rity and Privacy (May 1990)
8. Bell, D. and LaPadula, L.: Secure Computer Systems: Unified Exposition and Multics In-
terpretation, Technical Report, MTR-2997, MITRE, Bedford, Mass (1975)
9. Harrison, M., Ruzzo, W., and Ullman, J.: Protection in operating systems. Communications
of the ACM. 19(8) (August 1976) 461-471
10. Bratko, I.: PROLOG Programming for Artificial Intelligence. Addison-Wesley Pub Co;
3rd edition (2000)
