Title :
Notice of Violation of IEEE Publication Principles
A Formal Framework for Security Policy Specification and Implementation
Author :
Yigong, Wang ; Hongqi, Zhang ; Xiangdong, Dai ; Jiang, Liu
Author_Institution :
Henan Key Lab. of Inf. Security, Zhengzhou Inf. Sci. & Technol. Inst., Zhengzhou, China
Abstract :
Notice of Violation of IEEE Publication Principles
"A Formal Framework for Security Policy Specification and Implementation"
by Wang Yigong, Zhang Hongqi, Dai Xiangdong, and Liu jiang
in the Proceedings of the 2011 International Conference on Network Computing and Information Security (NCIS\´11), May 2011, pp. 253-256
After careful and considered review of the content and authorship of this paper by a duly constituted expert committee, this paper has been found to be in violation of IEEE\´s Publication Principles.
This paper contains substantial duplication of original text from the papers cited below. The original text was copied without attribution (including appropriate references to the original authors and/or paper titles) and without permission.
Due to the nature of this violation, reasonable effort should be made to remove all past references to this paper, and future references should be made to the following articles:
"A Formal Approach to Implement Access Control"
by Mathieu Jaume and Charles Morisset
in the Journal of Information Assurance and Security, 2 (2006), pp. 59-70
and
"Towards a Formal Specification of Access Control"
by Mathieu Jaume and Charles Morisset
in the Proceedings of the 2006 Workshop on Foundations of Computer Security and Automated Reasoning for Security Protocol Analysis (FCS-ARSPA\´06)
In information systems, security policies are used to specify various security requirements, and the guarantee of these requirements can be obtained by implementing the security policies efficiently and consistently. Therefore, specification and implementation of security policies are of great importance to information system security. In this paper, we propose a formal security policy framework, allowing to specify diverse security policies, together with a description of implementation of security policies, which can enhance the efficiency and security of the information system. As - an example, we show how the proposed model can be used to specify and implement the Bell and LaPadula policies.
Keywords :
formal specification; information systems; security of data; Bell policies; LaPadula policies; formal security policy framework; information system security; security policy specification; security requirements; Authorization; Computational modeling; Information security; Semantics; inforamtion system; policy implementation; policy sepecification; security policy;
Conference_Titel :
Network Computing and Information Security (NCIS), 2011 International Conference on
Conference_Location :
Guilin
Print_ISBN :
978-1-61284-347-6
DOI :
10.1109/NCIS.2011.57
