A process algebraic approach to security policies

Cited by: 0
Authors
Ryan, P [1]
Arnesen, RR [1]
Affiliation
[1] Univ Newcastle Upon Tyne, Newcastle Upon Tyne NE1 7RU, Tyne & Wear, England
Source
RESEARCH DIRECTIONS IN DATA AND APPLICATIONS SECURITY | 2003 / Vol. 128
Keywords
security policy; access control policy; process algebra; CSP
DOI
Not available
Chinese Library Classification (CLC) number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
We discuss the nature of security policies, particularly those that arise in the context of healthcare informatics, and the kind of mathematical framework needed to describe and reason about them. Various special-purpose frameworks for this purpose have been presented over the years, many using bespoke logics and models of computation. We argue that the properties of interest can be expressed cleanly in a mainstream formal method, in particular in the process algebra CSP. This has a number of advantages: we have a well-established, uniform framework with well-defined semantics to work with and access to a number of well-established tools to verify and validate our models and implementations. By way of illustration we describe a CSP formulation of a policy for a clinical trials application drawn for the Framework 5 HARP Project.
Pages: 301-312
Page count: 12