ISCAS OpenIR
model checking security policy model using both uml static and dynamic diagrams
Cheng Liang; Zhang Yang
2011
Conference Name4th International Conference on Security of Information and Networks, SIN 2011
SourceACM International Conference Proceeding Series
Pages159-166
Conference DateNovember 1
Conference PlaceSydney, NSW, Australia
Indexed TypeEI
ISBN9781450310208
Department(1) State Key Laboratory of Information Security Institute of Software Chinese Academy of Sciences Beijing 100190 China
English AbstractAn operating system relies heavily on its security model to defend against malicious attacks. It has been one of the hottest research domains for decades to validate security models' correctness by formal methods during the development of security operating systems. However, current studies on the formal verification of security models are sometimes too sophisticated for the developers of operating systems, who are usually not experts in mathematical reasoning and proving. So representing a security model in UML becomes a compromise choice for the developers' verification work during system developing. In this paper, we propose a new method to verify the security policy model against the security goals using model checker SPIN and UML modeling language. Given a security policy model and the security property to be validated, our approach leverages UML class diagrams and statechart diagrams to specify its state model and its state transitions respectively. Then we translate these UML diagrams into the input language of SPIN automatically, as well as the security property. The conformance between the security goal and security model can finally be analyzed by SPIN. We proved the effectiveness of our approach by checking the violation of confidentiality of the DBLP model. © 2011 ACM.; An operating system relies heavily on its security model to defend against malicious attacks. It has been one of the hottest research domains for decades to validate security models' correctness by formal methods during the development of security operating systems. However, current studies on the formal verification of security models are sometimes too sophisticated for the developers of operating systems, who are usually not experts in mathematical reasoning and proving. So representing a security model in UML becomes a compromise choice for the developers' verification work during system developing. In this paper, we propose a new method to verify the security policy model against the security goals using model checker SPIN and UML modeling language. Given a security policy model and the security property to be validated, our approach leverages UML class diagrams and statechart diagrams to specify its state model and its state transitions respectively. Then we translate these UML diagrams into the input language of SPIN automatically, as well as the security property. The conformance between the security goal and security model can finally be analyzed by SPIN. We proved the effectiveness of our approach by checking the violation of confidentiality of the DBLP model. © 2011 ACM.
KeywordFormal Methods Frequency Hopping Graphic Methods Network Security Security Systems
SponsorshipThe Air Force Office of Scientific Research (AFOSR); The Office of Naval Research-Global (ONRG); The Asian Office of Aerospace Research and Development (AOARD); U.S. Army RDECOM
Language英语
Content Type会议论文
URIhttp://ir.iscas.ac.cn/handle/311060/16239
Collection中国科学院软件研究所
Recommended Citation
GB/T 7714
Cheng Liang,Zhang Yang. model checking security policy model using both uml static and dynamic diagrams[C],2011:159-166.
Files in This Item:
There are no files associated with this item.
Related Services
Recommend this item
Bookmark
Usage statistics
Export to Endnote
Google Scholar
Similar articles in Google Scholar
[Cheng Liang]'s Articles
[Zhang Yang]'s Articles
Baidu academic
Similar articles in Baidu academic
[Cheng Liang]'s Articles
[Zhang Yang]'s Articles
Bing Scholar
Similar articles in Bing Scholar
[Cheng Liang]'s Articles
[Zhang Yang]'s Articles
Terms of Use
No data!
Social Bookmark/Share
All comments (0)
No comment.
 

Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.