International audienceThe rewrite-based approach provides executable specifications for security policies, which can be independently designed, verified, and then anchored on programs using a modular discipline. In this paper, we describe how to perform queries over these rule-based policies in order to increase the trust of the policy author on the correct behavior of the policy. The analysis we provide is founded on the strategic narrowing process, which provides both the necessary abstraction for simulating executions of the policy over access requests and the mechanism for solving {\it what-if} queries from the security administrator. We illustrate this general approach by the analysis of a firewall system policy
It is difficult to develop and manage large, multi-author access control policies without a means to...
Abstract Security policies are ubiquitous in information systems and more generally in the managemen...
In defining large, complex access control policies, one would like to compose sub-policies, perhaps ...
International audienceThe rewrite-based approach provides executable specifications for security pol...
AbstractThe rewrite-based approach provides executable specifications for security policies, which c...
International audienceAdministration of access control policies is a difficult task, especially in l...
AbstractData protection within information systems is one of the main concerns in computer systems s...
International audienceData protection within information systems is one of the main concerns in comp...
International audienceAccess control is a central issue among the overall security goals of informat...
International audienceSecurity policies, in particular access control, are fundamental elements of c...
AbstractIn this paper we propose a formalization of access control policies based on term rewriting....
In this paper we propose a formalization of access control policies based on term rewriting. The sta...
International audienceFormal methods for the specification and analysis of security policies have dr...
Network and host-based access controls, for example, firewall systems, are important points of secur...
Access control is the traditional center of gravity of computer security [1]. People specify access ...
It is difficult to develop and manage large, multi-author access control policies without a means to...
Abstract Security policies are ubiquitous in information systems and more generally in the managemen...
In defining large, complex access control policies, one would like to compose sub-policies, perhaps ...
International audienceThe rewrite-based approach provides executable specifications for security pol...
AbstractThe rewrite-based approach provides executable specifications for security policies, which c...
International audienceAdministration of access control policies is a difficult task, especially in l...
AbstractData protection within information systems is one of the main concerns in computer systems s...
International audienceData protection within information systems is one of the main concerns in comp...
International audienceAccess control is a central issue among the overall security goals of informat...
International audienceSecurity policies, in particular access control, are fundamental elements of c...
AbstractIn this paper we propose a formalization of access control policies based on term rewriting....
In this paper we propose a formalization of access control policies based on term rewriting. The sta...
International audienceFormal methods for the specification and analysis of security policies have dr...
Network and host-based access controls, for example, firewall systems, are important points of secur...
Access control is the traditional center of gravity of computer security [1]. People specify access ...
It is difficult to develop and manage large, multi-author access control policies without a means to...
Abstract Security policies are ubiquitous in information systems and more generally in the managemen...
In defining large, complex access control policies, one would like to compose sub-policies, perhaps ...