| Popis: |
We deal with the issue of specifying security policies that can be enforced by monitoring services execution. Currently, the vast majority of works focus on access control, are based on logics, and offer ways to express high level properties of real-time systems. However, the expressivenes power of such logics does not allow us to express recent usage control requirements (like accounting), and the undecidability of such logics hardens the task of analysing and querying such security policies. Our work offers rather an operational approach, by the use of timed automata to specify and analyse security policies that can be enforced through mechanisms that work by monitoring the system execution. We show how to specify such complex policies as combinations of simpler modular policies. Then for a given set of policies, we suggest methods to analyse and establish whether this set of policies is consistent or not. |
