ABSTRACT
Security certification includes assessing an information system to verify its compliance with diverse, pre-selected security controls. The goal of certification is to identify where controls are implemented correctly and where they are violated, since violations create potential vulnerability risks. Certification becomes far more complex in software composed of systems of systems, because few formal methodologies exist to express management policies, given a set of security control properties, and to verify those policies against the interaction of the participating components and their individual security policy implementations. In this paper, we extend Context UNITY, a formal, distributed, context-aware coordination language, to support policy controls. The new language features enforce security controls and provide a means to declare policy specifics in a manner similar to declaring variable types. We use these features in a specification to show how system compliance with selected security controls, such as those found in the NIST SP 800-53 document, can be verified.
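To make the idea of declaring policy specifics alongside a variable concrete, here is an added toy model in Python; it is not the paper's Context UNITY extension or its notation, and the control labels, roles, variable names and components are constructed sample values. It goes slightly beyond the abstract by also checking an interaction: a component that reads one shared variable and writes another carries data between them, so the writer side's declaration must not expose what the reader side's declaration protects.

```python
# Added illustration, not the paper's Context UNITY notation: policy specifics
# declared on shared context variables like types, then checked against the
# components' interactions. Control labels and roles are constructed values.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

@dataclass(frozen=True)
class Policy:
    control: str             # label of the security control being enforced
    readers: FrozenSet[str]  # roles permitted to read the variable
    writers: FrozenSet[str]  # roles permitted to write the variable

@dataclass(frozen=True)
class Component:
    name: str
    role: str
    reads: FrozenSet[str]    # shared variables the component reads
    writes: FrozenSet[str]   # shared variables the component writes

def check_compliance(decls: Dict[str, Policy],
                     comps: List[Component]) -> List[Tuple[str, str, str]]:
    """Return (component, control, reason) per violation: direct access by a
    role outside the declaration, or a read-v/write-w interaction that carries
    v's data to readers of w who are not permitted to read v."""
    out = []
    for c in comps:
        for v in sorted(c.reads):
            if c.role not in decls[v].readers:
                out.append((c.name, decls[v].control, f"{c.role} reads {v}"))
        for w in sorted(c.writes):
            if c.role not in decls[w].writers:
                out.append((c.name, decls[w].control, f"{c.role} writes {w}"))
            for v in sorted(c.reads):
                exposed = decls[w].readers - decls[v].readers
                if exposed:
                    out.append((c.name, decls[v].control,
                                f"flow {v}->{w} exposes data to {sorted(exposed)}"))
    return out
# Constructed sample: two components, two shared variables, one policy each.
DECLS = {
    "patient_record": Policy("CONF-1", frozenset({"clinician"}), frozenset({"clinician"})),
    "audit_log": Policy("AUDIT-1", frozenset({"clinician", "auditor"}),
                        frozenset({"clinician", "auditor"})),
}
COMPONENTS = [
    Component("ehr", "clinician", frozenset({"patient_record"}), frozenset({"audit_log"})),
    Component("reporter", "auditor", frozenset({"audit_log"}), frozenset()),
]
```

Running `check_compliance(DECLS, COMPONENTS)` flags no direct access violation, but reports that the `ehr` component's read of `patient_record` followed by its write to `audit_log` exposes that data to the `auditor` role, which the `CONF-1` declaration does not permit.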
- U. S. DoD, "DoD Information Assurance Certification and Accreditation Process (DIACAP)," 2007.
- NIST, "SP 800-53 Rev 3: Recommended Security Controls for Federal Information Systems and Organizations," 2010.
- G.-C. Roman, C. Julien, and J. Payton, "Modeling Adaptive Behaviors in Context UNITY," Theoretical Computer Science, vol. 376, pp. 185--204, May 2007.
- "Common Criteria for Information Technology Security Evaluation," Version 3.1, Part 2: Security Functional Components, 2007.
- U. S. DoD, "Information Assurance (IA) Implementation," 2003.
- J. Jurjens, J. Schreck, and P. Bartmann, "Model-based security analysis for mobile communications," in 30th International Conference on Software Engineering, pp. 683--692, 2008.
- B. Best, J. Jurjens, and B. Nuseibeh, "Model-based Security Engineering of Distributed Information Systems using UMLsec," in 29th International Conference on Software Engineering, 2007.
- D. Gelernter, "Generative communication in Linda," ACM Transactions on Programming Languages and Systems, vol. 7, pp. 80--112, 1985.
- M. Bravetti, N. Busi, R. Gorrieri, R. Lucchi, and G. Zavattaro, "Security issues in the tuple-space coordination model," Formal Aspects in Security and Trust, pp. 1--12, 2005.
- R. Focardi, R. Lucchi, and G. Zavattaro, "Secure shared data-space coordination languages: A process algebraic survey," Science of Computer Programming, vol. 63, pp. 3--15, 2006.
- G.-C. Roman and P. J. McCann, "A notation and logic for mobile computing," Formal Methods in System Design, vol. 20, pp. 47--68, 2002.
- K. M. Chandy and J. Misra, Parallel Program Design: A Foundation. Addison-Wesley, 1988.
- J. Hosey and R. Gamble, "Extracting Security Control Requirements," in Cyber Security and Information Intelligence Research Workshop, 2010.
Index Terms
- Security policy foundations in context UNITY