LOCKS: a property specification language for security goals

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

Abstract

We introduce a formal specification language locks, that allow security practitioners to express as well as compose security goals in a convenient manner. locks supports the specification of the most common security properties over generic attributes, both for qualitative and quantitative goals.
To make our language independent of a specific security framework, we evaluate locks over a generic attack model, namely the structural attack model (sam), which over-arches the most prominent graphical threat models. Furthermore, we equip our language with a concise grammar, type rules and denotational semantics, thus laying the foundations of an automated tool. We take a number of informal security goals from the literature and show how they can be formally
expressed in our language.
Original languageEnglish
Title of host publicationSAC'18. Proceedings of the 33rd Annual ACM Symposium on Applied Computing (SAC)
PublisherAssociation for Computing Machinery (ACM)
Pages1907-1915
ISBN (Electronic)978-1-4503-5191-1
DOIs
Publication statusE-pub ahead of print/First online - 9 Apr 2018
Event33rd ACM/SIGAPP Symposium On Applied Computing - Pau, France
Duration: 9 Apr 201813 Apr 2018
Conference number: 33
https://www.sigapp.org/sac/sac2018/

Conference

Conference33rd ACM/SIGAPP Symposium On Applied Computing
Abbreviated titleSAC 2018
CountryFrance
CityPau
Period9/04/1813/04/18
Internet address

Fingerprint

Specification languages
Arches
Semantics
Specifications

Keywords

  • Enterprise security, Quantitative security goals, Property specification language,Multi-objective query language, Threat models, Denotational semantics

Cite this

Kumar, R., Rensink, A., & Stoelinga, M. I. A. (2018). LOCKS: a property specification language for security goals. In SAC'18. Proceedings of the 33rd Annual ACM Symposium on Applied Computing (SAC) (pp. 1907-1915). Association for Computing Machinery (ACM). https://doi.org/10.1145/3167132.3167336
Kumar, Rajesh ; Rensink, Arend ; Stoelinga, Mariëlle Ida Antoinette. / LOCKS: a property specification language for security goals. SAC'18. Proceedings of the 33rd Annual ACM Symposium on Applied Computing (SAC). Association for Computing Machinery (ACM), 2018. pp. 1907-1915
@inproceedings{5e7dcac6be164623b068ce4aaa0a44ff,
title = "LOCKS: a property specification language for security goals",
abstract = "We introduce a formal specification language locks, that allow security practitioners to express as well as compose security goals in a convenient manner. locks supports the specification of the most common security properties over generic attributes, both for qualitative and quantitative goals.To make our language independent of a specific security framework, we evaluate locks over a generic attack model, namely the structural attack model (sam), which over-arches the most prominent graphical threat models. Furthermore, we equip our language with a concise grammar, type rules and denotational semantics, thus laying the foundations of an automated tool. We take a number of informal security goals from the literature and show how they can be formallyexpressed in our language.",
keywords = "Enterprise security, Quantitative security goals, Property specification language,Multi-objective query language, Threat models, Denotational semantics",
author = "Rajesh Kumar and Arend Rensink and Stoelinga, {Mari{\"e}lle Ida Antoinette}",
year = "2018",
month = "4",
day = "9",
doi = "10.1145/3167132.3167336",
language = "English",
pages = "1907--1915",
booktitle = "SAC'18. Proceedings of the 33rd Annual ACM Symposium on Applied Computing (SAC)",
publisher = "Association for Computing Machinery (ACM)",
address = "United States",

}

Kumar, R, Rensink, A & Stoelinga, MIA 2018, LOCKS: a property specification language for security goals. in SAC'18. Proceedings of the 33rd Annual ACM Symposium on Applied Computing (SAC). Association for Computing Machinery (ACM), pp. 1907-1915, 33rd ACM/SIGAPP Symposium On Applied Computing, Pau, France, 9/04/18. https://doi.org/10.1145/3167132.3167336

LOCKS: a property specification language for security goals. / Kumar, Rajesh ; Rensink, Arend ; Stoelinga, Mariëlle Ida Antoinette.

SAC'18. Proceedings of the 33rd Annual ACM Symposium on Applied Computing (SAC). Association for Computing Machinery (ACM), 2018. p. 1907-1915.

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

TY - GEN

T1 - LOCKS: a property specification language for security goals

AU - Kumar, Rajesh

AU - Rensink, Arend

AU - Stoelinga, Mariëlle Ida Antoinette

PY - 2018/4/9

Y1 - 2018/4/9

N2 - We introduce a formal specification language locks, that allow security practitioners to express as well as compose security goals in a convenient manner. locks supports the specification of the most common security properties over generic attributes, both for qualitative and quantitative goals.To make our language independent of a specific security framework, we evaluate locks over a generic attack model, namely the structural attack model (sam), which over-arches the most prominent graphical threat models. Furthermore, we equip our language with a concise grammar, type rules and denotational semantics, thus laying the foundations of an automated tool. We take a number of informal security goals from the literature and show how they can be formallyexpressed in our language.

AB - We introduce a formal specification language locks, that allow security practitioners to express as well as compose security goals in a convenient manner. locks supports the specification of the most common security properties over generic attributes, both for qualitative and quantitative goals.To make our language independent of a specific security framework, we evaluate locks over a generic attack model, namely the structural attack model (sam), which over-arches the most prominent graphical threat models. Furthermore, we equip our language with a concise grammar, type rules and denotational semantics, thus laying the foundations of an automated tool. We take a number of informal security goals from the literature and show how they can be formallyexpressed in our language.

KW - Enterprise security, Quantitative security goals, Property specification language,Multi-objective query language, Threat models, Denotational semantics

U2 - 10.1145/3167132.3167336

DO - 10.1145/3167132.3167336

M3 - Conference contribution

SP - 1907

EP - 1915

BT - SAC'18. Proceedings of the 33rd Annual ACM Symposium on Applied Computing (SAC)

PB - Association for Computing Machinery (ACM)

ER -

Kumar R, Rensink A, Stoelinga MIA. LOCKS: a property specification language for security goals. In SAC'18. Proceedings of the 33rd Annual ACM Symposium on Applied Computing (SAC). Association for Computing Machinery (ACM). 2018. p. 1907-1915 https://doi.org/10.1145/3167132.3167336