• DocumentCode
    536191
  • Title
    A language for secure requirement description based on information flow
  • Author
    Cheng, Liang ; Zhang, Yang ; Feng, Dengguo
  • Author_Institution
    State Key Lab. of Inf. Security, Chinese Acad. of Sci., Beijing, China
  • Volume
    2
  • fYear
    2010
  • fDate
    29-31 Oct. 2010
  • Firstpage
    397
  • Lastpage
    401
  • Abstract
    The verification of policy configuration is the key point during the security analysis of SELinux. Most current verification methods focus on constructing a mathematical model of the policy configuration rather than on the difficulty verifiers face in describing security requirements. A new security requirement description language (SRDL) based on the theory of information flow is proposed, whose syntax is independent of the verification tools' logic systems. Without knowing the mathematical logic behind those verification tools, the verifier can represent every requirement as one or more information flows in SRDL. The SRDL compiler translates these flows into the verification tools' input automatically. Such an SRDL compiler is implemented for the analysis of SELinux; it translates SRDL flows into the input model of NuSMV, a widely used model checker.
  • Keywords
    Linux; configuration management; formal logic; formal verification; program compilers; security of data; systems analysis; NuSMV; SELinux; information flow; logic system; mathematical logic; mathematical model; model checker; policy configuration; secure requirement description; security analysis; verification method; verification tool; verifier; Security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Intelligent Computing and Intelligent Systems (ICIS), 2010 IEEE International Conference on
  • Conference_Location
    Xiamen
  • Print_ISBN
    978-1-4244-6582-8
  • Type
    conf
  • DOI
    10.1109/ICICISYS.2010.5658325
  • Filename
    5658325