Institutional Repository
| model checking security policy model using both uml static and dynamic diagrams | |
| Cheng Liang; Zhang Yang | |
| 2011 | |
| 会议名称 | 4th International Conference on Security of Information and Networks, SIN 2011 |
| 会议录名称 | ACM International Conference Proceeding Series |
| 页码 | 159-166 |
| 会议日期 | November 1 |
| 会议地点 | Sydney, NSW, Australia |
| 收录类别 | EI |
| ISBN | 9781450310208 |
| 部门归属 | (1) State Key Laboratory of Information Security Institute of Software Chinese Academy of Sciences Beijing 100190 China |
| 摘要 | An operating system relies heavily on its security model to defend against malicious attacks. It has been one of the hottest research domains for decades to validate security models' correctness by formal methods during the development of security operating systems. However, current studies on the formal verification of security models are sometimes too sophisticated for the developers of operating systems, who are usually not experts in mathematical reasoning and proving. So representing a security model in UML becomes a compromise choice for the developers' verification work during system developing. In this paper, we propose a new method to verify the security policy model against the security goals using model checker SPIN and UML modeling language. Given a security policy model and the security property to be validated, our approach leverages UML class diagrams and statechart diagrams to specify its state model and its state transitions respectively. Then we translate these UML diagrams into the input language of SPIN automatically, as well as the security property. The conformance between the security goal and security model can finally be analyzed by SPIN. We proved the effectiveness of our approach by checking the violation of confidentiality of the DBLP model. © 2011 ACM.; An operating system relies heavily on its security model to defend against malicious attacks. It has been one of the hottest research domains for decades to validate security models' correctness by formal methods during the development of security operating systems. However, current studies on the formal verification of security models are sometimes too sophisticated for the developers of operating systems, who are usually not experts in mathematical reasoning and proving. So representing a security model in UML becomes a compromise choice for the developers' verification work during system developing. In this paper, we propose a new method to verify the security policy model against the security goals using model checker SPIN and UML modeling language. Given a security policy model and the security property to be validated, our approach leverages UML class diagrams and statechart diagrams to specify its state model and its state transitions respectively. Then we translate these UML diagrams into the input language of SPIN automatically, as well as the security property. The conformance between the security goal and security model can finally be analyzed by SPIN. We proved the effectiveness of our approach by checking the violation of confidentiality of the DBLP model. © 2011 ACM. |
| 关键词 | Formal Methods Frequency Hopping Graphic Methods Network Security Security Systems |
| 主办者 | The Air Force Office of Scientific Research (AFOSR); The Office of Naval Research-Global (ONRG); The Asian Office of Aerospace Research and Development (AOARD); U.S. Army RDECOM |
| 语种 | 英语 |
| 内容类型 | 会议论文 |
| URI标识 | http://ir.iscas.ac.cn/handle/311060/16239 |
| 专题 | 中国科学院软件研究所 |
| 推荐引用方式 GB/T 7714 | Cheng Liang,Zhang Yang. model checking security policy model using both uml static and dynamic diagrams[C],2011:159-166. |
| 条目包含的文件 | 条目无相关文件。 | |||||
| 个性服务 |
| 推荐该条目 |
| 保存到收藏夹 |
| 查看访问统计 |
| 导出为Endnote文件 |
| 谷歌学术 |
| 谷歌学术中相似的文章 |
| [Cheng Liang]的文章 |
| [Zhang Yang]的文章 |
| 百度学术 |
| 百度学术中相似的文章 |
| [Cheng Liang]的文章 |
| [Zhang Yang]的文章 |
| 必应学术 |
| 必应学术中相似的文章 |
| [Cheng Liang]的文章 |
| [Zhang Yang]的文章 |
| 相关权益政策 |
| 暂无数据 |
| 收藏/分享 |
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论