中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 软件所图书馆  > 会议论文
Title:
model checking security policy model using both uml static and dynamic diagrams
Author: Cheng Liang ; Zhang Yang
Source: ACM International Conference Proceeding Series
Conference Name: 4th International Conference on Security of Information and Networks, SIN 2011
Conference Date: November 1
Issued Date: 2011
Conference Place: Sydney, NSW, Australia
Keyword: Formal methods ; Frequency hopping ; Graphic methods ; Network security ; Security systems
Indexed Type: EI
ISBN: 9781450310208
Department: (1) State Key Laboratory of Information Security Institute of Software Chinese Academy of Sciences Beijing 100190 China
Sponsorship: The Air Force Office of Scientific Research (AFOSR); The Office of Naval Research-Global (ONRG); The Asian Office of Aerospace Research and Development (AOARD); U.S. Army RDECOM
Abstract: An operating system relies heavily on its security model to defend against malicious attacks. It has been one of the hottest research domains for decades to validate security models' correctness by formal methods during the development of security operating systems. However, current studies on the formal verification of security models are sometimes too sophisticated for the developers of operating systems, who are usually not experts in mathematical reasoning and proving. So representing a security model in UML becomes a compromise choice for the developers' verification work during system developing. In this paper, we propose a new method to verify the security policy model against the security goals using model checker SPIN and UML modeling language. Given a security policy model and the security property to be validated, our approach leverages UML class diagrams and statechart diagrams to specify its state model and its state transitions respectively. Then we translate these UML diagrams into the input language of SPIN automatically, as well as the security property. The conformance between the security goal and security model can finally be analyzed by SPIN. We proved the effectiveness of our approach by checking the violation of confidentiality of the DBLP model. © 2011 ACM.
English Abstract: An operating system relies heavily on its security model to defend against malicious attacks. It has been one of the hottest research domains for decades to validate security models' correctness by formal methods during the development of security operating systems. However, current studies on the formal verification of security models are sometimes too sophisticated for the developers of operating systems, who are usually not experts in mathematical reasoning and proving. So representing a security model in UML becomes a compromise choice for the developers' verification work during system developing. In this paper, we propose a new method to verify the security policy model against the security goals using model checker SPIN and UML modeling language. Given a security policy model and the security property to be validated, our approach leverages UML class diagrams and statechart diagrams to specify its state model and its state transitions respectively. Then we translate these UML diagrams into the input language of SPIN automatically, as well as the security property. The conformance between the security goal and security model can finally be analyzed by SPIN. We proved the effectiveness of our approach by checking the violation of confidentiality of the DBLP model. © 2011 ACM.
Language: 英语
Content Type: 会议论文
URI: http://ir.iscas.ac.cn/handle/311060/16239
Appears in Collections:软件所图书馆_会议论文

Files in This Item:

There are no files associated with this item.


Recommended Citation:
Cheng Liang,Zhang Yang. model checking security policy model using both uml static and dynamic diagrams[C]. 见:4th International Conference on Security of Information and Networks, SIN 2011. Sydney, NSW, Australia. November 1.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[Cheng Liang]'s Articles
[Zhang Yang]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[Cheng Liang]‘s Articles
[Zhang Yang]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2019  中国科学院软件研究所 - Feedback
Powered by CSpace