Author: Peter Amthor
Affiliation: Ilmenau University of Technology, Germany
Keyword(s): Security engineering, security policies, access control systems, access control models, safety, heuristic analysis, SELinux
Related Ontology Subjects/Areas/Topics: Access Control; Data Engineering; Databases and Data Security; Formal Methods for Security; Information and Systems Security; Internet Technology; Security and Privacy Policies; Security Verification and Validation; Web Information Systems and Technologies
Abstract:
Being of paramount importance for the correctness of a security policy, the safety property has received decades of attention in the field of model-based security engineering. To analyze the safety of a security model, heuristic approaches are used: they avoid restricting the model calculus at the cost of accepting that the property is only semi-decidable.
Within this field, this paper addresses three open problems concerning the DEPSEARCH heuristic safety analysis framework: inefficient state-space exploration, static verification of unsafety-unsatisfiability, and parameter dependency analysis. We describe these problems on a formal basis, specify solution proposals, and implement them in the current, model-independent fDS framework. A practical evaluation based on SELinux is performed to study the effectiveness and future optimization of the framework.