Title :
A language for secure requirement description based on information flow
Author :
Cheng, Liang ; Zhang, Yang ; Feng, Dengguo
Author_Institution :
State Key Lab. of Inf. Security, Chinese Acad. of Sci., Beijing, China
Abstract :
The verification of policy configuration is the key point during the security analysis of SELinux. Most of current verification methods focus on the construction of policy configurations mathematical model, rather than the difficulty of security requirements description for the verifiers. A new security requirement description language (SRDL) based on the theory of information flow is proposed, whose syntax is irrelevant with the verification tools logic systems. Without knowing the mathematical logic behind those verification tools, every requirement can be represented as one or more information flows with SRDL by the verifier. The complier of SRDL could translate these flows into verification tools input automatically. Such a SRDL complier is implemented for the analysis of SELinux. It can translate SRDLs flows into the input model of NuSMV, a wildly used model checker.
Keywords :
Linux; configuration management; formal logic; formal verification; program compilers; security of data; systems analysis; NuSMV; SELinux; information flow; logic system; mathematical logic; mathematical model; model checker; policy configuration; secure requirement description; security analysis; verification method; verification tool; verifier; Security;
Conference_Titel :
Intelligent Computing and Intelligent Systems (ICIS), 2010 IEEE International Conference on
Conference_Location :
Xiamen
Print_ISBN :
978-1-4244-6582-8
DOI :
10.1109/ICICISYS.2010.5658325
