Abstract

This paper develops a prototyping technique for information systems security policies. Starting from the algebraic specification of a security policy, we derive an executable specification that represents a prototype of the actual policy. Executing the specification allows determining sequences of actions that lead to security policy violations. We propose a composition framework to build compound algebraic specifications. We show that the mechanism we provide to translate algebraic specifications to executable specifications preserves the composition rules, which is of utmost importance from the engineering perspective. Through accurate examples, we show how executables specifications can be used in conjunction with formal specification in the frame of the security policy engineering process.

Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call