Modeling insecurity: Policy engineering for survivability

Prasad Naldurg; Roy H. Campbell

Modeling insecurity: Policy engineering for survivability

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We present an access-control policy specification and verification process that is well-suited to model survivability of information resources under threat of compromise. Our process differs from the traditional policy engineering methodology in many ways. First, we contend that traditional safety-property modeling cannot provide any guarantees when the policy enforcement mechanisms are compromised. Therefore, we extend traditional access control specifications by modeling insecure states and transitions explicitly, to describe possible system behavior after compromise. Next, we observe that it may not always possible to recover from an insecure state, and both compromise and recovery impact the availability of information. Based on these observations, we refine traditional information security properties as liveness assertions and explicitly add recovery actions to our specifications, to guarantee resources are available to legitimate users infinitely often, in spite of malicious attacks or inadvertent compromise. We explain our process using an example behavioral specification and show how we can define different measures of availability and verify them using standard model-checking techniques within this framework.

Original language	English (US)
Title of host publication	Proceedings of the ACM Workshop on Survivable and Self-Regenerative Systems (In Association with 10th ACM Conference on Computer Communications Security)
Editors	P. Liu, P. Pal
Pages	91-98
Number of pages	8
State	Published - 2003
Event	Proceedings of the ACM Workshop on Survivable and Self-Regenerative Systems (In Association with 10th ACM Conference on Computer Communications Security) - Fairfax, VA, United States Duration: Oct 31 2003 → Oct 31 2003

Publication series

Name	Proceedings of the ACM Workshop on Survivable and Self-Regenerative Systems

Other

Other	Proceedings of the ACM Workshop on Survivable and Self-Regenerative Systems (In Association with 10th ACM Conference on Computer Communications Security)
Country/Territory	United States
City	Fairfax, VA
Period	10/31/03 → 10/31/03

Keywords

Access control models
Availability
Liveness
Security policies
Survivability

ASJC Scopus subject areas

General Engineering

Library availability

Discover UIUC Full Text

Cite this

Naldurg, P., & Campbell, R. H. (2003). Modeling insecurity: Policy engineering for survivability. In P. Liu, & P. Pal (Eds.), Proceedings of the ACM Workshop on Survivable and Self-Regenerative Systems (In Association with 10th ACM Conference on Computer Communications Security) (pp. 91-98). (Proceedings of the ACM Workshop on Survivable and Self-Regenerative Systems).

Modeling insecurity: Policy engineering for survivability. / Naldurg, Prasad; Campbell, Roy H.
Proceedings of the ACM Workshop on Survivable and Self-Regenerative Systems (In Association with 10th ACM Conference on Computer Communications Security). ed. / P. Liu; P. Pal. 2003. p. 91-98 (Proceedings of the ACM Workshop on Survivable and Self-Regenerative Systems).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Naldurg, P & Campbell, RH 2003, Modeling insecurity: Policy engineering for survivability. in P Liu & P Pal (eds), Proceedings of the ACM Workshop on Survivable and Self-Regenerative Systems (In Association with 10th ACM Conference on Computer Communications Security). Proceedings of the ACM Workshop on Survivable and Self-Regenerative Systems, pp. 91-98, Proceedings of the ACM Workshop on Survivable and Self-Regenerative Systems (In Association with 10th ACM Conference on Computer Communications Security), Fairfax, VA, United States, 10/31/03.

Naldurg, Prasad ; Campbell, Roy H. / Modeling insecurity : Policy engineering for survivability. Proceedings of the ACM Workshop on Survivable and Self-Regenerative Systems (In Association with 10th ACM Conference on Computer Communications Security). editor / P. Liu ; P. Pal. 2003. pp. 91-98 (Proceedings of the ACM Workshop on Survivable and Self-Regenerative Systems).

@inproceedings{0507d0f1337c4c92837928c85738d92e,

title = "Modeling insecurity: Policy engineering for survivability",

abstract = "We present an access-control policy specification and verification process that is well-suited to model survivability of information resources under threat of compromise. Our process differs from the traditional policy engineering methodology in many ways. First, we contend that traditional safety-property modeling cannot provide any guarantees when the policy enforcement mechanisms are compromised. Therefore, we extend traditional access control specifications by modeling insecure states and transitions explicitly, to describe possible system behavior after compromise. Next, we observe that it may not always possible to recover from an insecure state, and both compromise and recovery impact the availability of information. Based on these observations, we refine traditional information security properties as liveness assertions and explicitly add recovery actions to our specifications, to guarantee resources are available to legitimate users infinitely often, in spite of malicious attacks or inadvertent compromise. We explain our process using an example behavioral specification and show how we can define different measures of availability and verify them using standard model-checking techniques within this framework.",

keywords = "Access control models, Availability, Liveness, Security policies, Survivability",

author = "Prasad Naldurg and Campbell, {Roy H.}",

year = "2003",

language = "English (US)",

isbn = "1581137842",

series = "Proceedings of the ACM Workshop on Survivable and Self-Regenerative Systems",

pages = "91--98",

editor = "P. Liu and P. Pal",

booktitle = "Proceedings of the ACM Workshop on Survivable and Self-Regenerative Systems (In Association with 10th ACM Conference on Computer Communications Security)",

note = "Proceedings of the ACM Workshop on Survivable and Self-Regenerative Systems (In Association with 10th ACM Conference on Computer Communications Security) ; Conference date: 31-10-2003 Through 31-10-2003",

}

TY - GEN

T1 - Modeling insecurity

T2 - Proceedings of the ACM Workshop on Survivable and Self-Regenerative Systems (In Association with 10th ACM Conference on Computer Communications Security)

AU - Naldurg, Prasad

AU - Campbell, Roy H.

PY - 2003

Y1 - 2003

N2 - We present an access-control policy specification and verification process that is well-suited to model survivability of information resources under threat of compromise. Our process differs from the traditional policy engineering methodology in many ways. First, we contend that traditional safety-property modeling cannot provide any guarantees when the policy enforcement mechanisms are compromised. Therefore, we extend traditional access control specifications by modeling insecure states and transitions explicitly, to describe possible system behavior after compromise. Next, we observe that it may not always possible to recover from an insecure state, and both compromise and recovery impact the availability of information. Based on these observations, we refine traditional information security properties as liveness assertions and explicitly add recovery actions to our specifications, to guarantee resources are available to legitimate users infinitely often, in spite of malicious attacks or inadvertent compromise. We explain our process using an example behavioral specification and show how we can define different measures of availability and verify them using standard model-checking techniques within this framework.

AB - We present an access-control policy specification and verification process that is well-suited to model survivability of information resources under threat of compromise. Our process differs from the traditional policy engineering methodology in many ways. First, we contend that traditional safety-property modeling cannot provide any guarantees when the policy enforcement mechanisms are compromised. Therefore, we extend traditional access control specifications by modeling insecure states and transitions explicitly, to describe possible system behavior after compromise. Next, we observe that it may not always possible to recover from an insecure state, and both compromise and recovery impact the availability of information. Based on these observations, we refine traditional information security properties as liveness assertions and explicitly add recovery actions to our specifications, to guarantee resources are available to legitimate users infinitely often, in spite of malicious attacks or inadvertent compromise. We explain our process using an example behavioral specification and show how we can define different measures of availability and verify them using standard model-checking techniques within this framework.

KW - Access control models

KW - Availability

KW - Liveness

KW - Security policies

KW - Survivability

UR - http://www.scopus.com/inward/record.url?scp=2642554057&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=2642554057&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:2642554057

SN - 1581137842

T3 - Proceedings of the ACM Workshop on Survivable and Self-Regenerative Systems

SP - 91

EP - 98

BT - Proceedings of the ACM Workshop on Survivable and Self-Regenerative Systems (In Association with 10th ACM Conference on Computer Communications Security)

A2 - Liu, P.

A2 - Pal, P.

Y2 - 31 October 2003 through 31 October 2003

ER -

Modeling insecurity: Policy engineering for survivability

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Library availability

Related links

Fingerprint

Cite this