A model-based approach to integrating security policies for embedded devices

Michael McDougall, Rajeev Alur, Carl A. Gunter

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Embedded devices like smartcards can now run multiple interacting applications. A particular challenge in this domain is to dynamically integrate diverse security policies. In this paper we show how a framework based on a concise formal model lets us securely customize a payment card equipped with a programmable chip. We present policy automata, a formal model of computations that grant or deny access to a resource. This model combines defeasible logic with state machines, representing complex policies as combinations of simpler modular policies. We use the model in a framework for specifying, merging and analyzing modular policies. This framework is implemented as Polaris, a tool which analyzes policy automata to reveal potential conflicts or redundancies, and compiles automata into Java Card applets.

Original language: English (US)
Title of host publication: EMSOFT 2004 - Fourth ACM International Conference on Embedded Software
Publisher: Association for Computing Machinery
Pages: 211-219
Number of pages: 9
ISBN (Print): 1581138601, 9781581138603
State: Published - 2004
Externally published: Yes
Event: EMSOFT 2004 - Fourth ACM International Conference on Embedded Software - Pisa, Italy
Duration: Sep 27 2004 to Sep 29 2004

Publication series

Name: EMSOFT 2004 - Fourth ACM International Conference on Embedded Software

Other

Other: EMSOFT 2004 - Fourth ACM International Conference on Embedded Software
Country/Territory: Italy
City: Pisa
Period: 9/27/04 to 9/29/04

Keywords

  • Java Cards
  • Model Based Design
  • Policy Integration
  • Smartcards

ASJC Scopus subject areas

  • General Engineering
