Abstract
We introduce a formal specification language locks, that allow security practitioners to express as well as compose security goals in a convenient manner. locks supports the specification of the most common security properties over generic attributes, both for qualitative and quantitative goals.
To make our language independent of a specific security framework, we evaluate locks over a generic attack model, namely the structural attack model (sam), which over-arches the most prominent graphical threat models. Furthermore, we equip our language with a concise grammar, type rules and denotational semantics, thus laying the foundations of an automated tool. We take a number of informal security goals from the literature and show how they can be formally
expressed in our language.
To make our language independent of a specific security framework, we evaluate locks over a generic attack model, namely the structural attack model (sam), which over-arches the most prominent graphical threat models. Furthermore, we equip our language with a concise grammar, type rules and denotational semantics, thus laying the foundations of an automated tool. We take a number of informal security goals from the literature and show how they can be formally
expressed in our language.
Original language | English |
---|---|
Title of host publication | SAC '18: Proceedings of the 33rd Annual ACM Symposium on Applied Computing |
Editors | Hisham M. Haddad, Roger L. Wainwright, Richard Chbeir |
Publisher | Association for Computing Machinery |
Pages | 1907-1915 |
ISBN (Electronic) | 978-1-4503-5191-1 |
DOIs | |
Publication status | Published - 9 Apr 2018 |
Event | 33rd ACM/SIGAPP Symposium On Applied Computing - Pau, France Duration: 9 Apr 2018 → 13 Apr 2018 Conference number: 33 https://www.sigapp.org/sac/sac2018/ |
Conference
Conference | 33rd ACM/SIGAPP Symposium On Applied Computing |
---|---|
Abbreviated title | SAC 2018 |
Country/Territory | France |
City | Pau |
Period | 9/04/18 → 13/04/18 |
Internet address |
Keywords
- Enterprise security
- Quantitative security goals
- Property specification language
- Multi-objective query language
- Threat models
- Denotational semantics