Title :
Formal Specification and Verification of Modular Security Policy Based on Colored Petri Nets
Author :
Huang, Hejiao ; Kirchner, Hélène
Author_Institution :
Shenzhen Grad. Sch., Harbin Inst. of Technol.Shenzhen UniversityTown, Shenzhen, China
Abstract :
Security policies are one of the most fundamental elements of computer security. Current security policy design is concerned with the composition of components in security systems and interactions among them. Consequently, in a modular specification and verification of a policy, the composition of the modules must consistently assure security policies. A rigorous and systematic way to predict and assure such critical properties is crucial. This paper addresses the problem in a formal way. It uses colored Petri net process (CPNP) to specify and verify security policies in a modular way. It defines fundamental policy properties, i.e., completeness, termination, consistency, and confluence in Petri net terminology and gets some theoretical results. According to the eXtensible Access Control Markup Language (XACML) combiners and property preserving Petri net process algebra (PPPA), several policy composition operators are specified and property preserving results are stated for the policy correctness verification. As an application, the approach is illustrated for the design of Chinese Wall Policy.
Keywords :
Petri nets; XML; authorisation; computer network security; formal specification; formal verification; Chinese wall policy; Petri net process algebra; colored Petri nets; computer security; extensible access control markup language; formal specification; formal verification; modular security policy; Access control; Image color analysis; Network security; Petri nets; Process control; Verification; Security policy; colored Petri net; property preservation.; specification and verification;
Journal_Title :
Dependable and Secure Computing, IEEE Transactions on
DOI :
10.1109/TDSC.2010.43
