S-Promela: An executable specification security policies language

Abbassi, Ryma; Fatmi, Sihem Guemara El

doi:10.1109/comnet.2009.5373568

“…Designed and developed a generic policy framework to represent, analyze, and validate the secure policies. The Ponder [2], KAoS [3], Rei [4], XACML [5], S-Promela [6], GBPF [7], SPL [8], and TPL [9] policy specification languages were developed on various factors, such as domain, web, network, syntax, semantics, predicate, and protocol. Introduced a new policy type called "user-defined" to specify custom needs and user defined policies.…”

Section: Discussionmentioning

confidence: 99%

“…Policy specification languages KAoS [3], Rei [4], and XACML [5] were not based on formal methods, hence they need a special tool to validate the policies externally. Ponder [2] and SPromela [6] policy specification languages use the syntax and semantics of high level programming languages such as C, C++, and Java, which makes it difficult for the stakeholders to understand. The high level programming language representation creates a communication barrier among stakeholders, specification engineers, and design engineers.…”

Section: Framework To Specify Security Policiesmentioning

confidence: 99%

“…Hence, formal specification languages help to specify, create, analyze, maintain, and protect the business rules from ambiguity and false interpretation. There are several specification languages that exist in the literature [2,3,4,5,6,7,8,9,10], which represent secure aspects of a system, but these specification languages are developed on various factors, such as domain, web, network, syntax, semantics, predicate, and protocol. There is no secure policy specification language that uses the full extent of formal methods, which help to specify secure aspects of the system.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Secure Descartes: A Security Extension to Descartes Specification Language

Inukollu¹,

Urban²

2020

IJSEA

0

View full text Add to dashboard Cite

With increase in demand for the security aspects of software, every phase of the Software Development Life Cycle (SDLC) is experiencing major changes with respect to security. Security designers, developers, and testers are keen on improving various security aspects of a system. Specification of security requirements propagates to different phases of an SDLC and there exist different techniques and methodologies to specify security requirements. Business level security requirements are specified using policy specification languages. The current literature has specification languages that are domain based, web based, network based, syntax based, semantics based, predicate based, and protocol based. In this research effort, a generic secure policy prototype and components of the generic secure policy were defined using formal methods. The Descartes specification language, a formal executable specification language, has been developed to specify software systems. The development of a secure policy framework along with extended constructs of the Descartes specification language for specifying secure policies are some of the deliverables of this research effort. Concepts of secure policies were adopted from the SPromela, Ponder, and REI methodologies for secure policy specification, analysis, and design.

show abstract

“…The security policies are represented in different formats depending on the syntax and semantics of the specification language. S-Promela [6], stands for Security-based Promela, which is an executable policy specification language, has been built on concepts and rules. S-Promela uses both syntax and semantic patterns as that of a regular programming language, such as C, C++, and Java.…”

Section: Policy Languages and Frameworkmentioning

confidence: 99%

“…S-Promela uses both syntax and semantic patterns as that of a regular programming language, such as C, C++, and Java. S-Promela defines the security policy as a "formal statement of the rules by which people that are given access to an organization technology and information assets must abide" [6]. Ponder [3] and XACML [5] are non-semantic based policy specification languages.…”

Section: Policy Languages and Frameworkmentioning

confidence: 99%

Untitled

2020

IJSEA

0

View full text Add to dashboard Cite

With increase in demand for the security aspects of software, every phase of the Software Development Life Cycle (SDLC) is experiencing major changes with respect to security. Security designers, developers, and testers are keen on improving various security aspects of a system. Specification of security requirements propagates to different phases of an SDLC and there exist different techniques and methodologies to specify security requirements. Business level security requirements are specified using policy specification languages. The current literature has specification languages that are domain based, web based, network based, syntax based, semantics based, predicate based, and protocol based. In this research effort, a generic secure policy prototype and components of the generic secure policy were defined using formal methods. The Descartes specification language, a formal executable specification language, has been developed to specify software systems. The development of a secure policy framework along with extended constructs of the Descartes specification language for specifying secure policies are some of the deliverables of this research effort. Concepts of secure policies were adopted from the SPromela, Ponder, and REI methodologies for secure policy specification, analysis, and design.

show abstract