LOCKS: A property specification language for security goals

Rajesh  Kumar; Arend  Rensink; Mariëlle I.A. Stoelinga

doi:10.1145/3167132.3167336

LOCKS: A property specification language for security goals

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

5 Citations (Scopus)

204 Downloads (Pure)

Abstract

We introduce a formal specification language locks, that allow security practitioners to express as well as compose security goals in a convenient manner. locks supports the specification of the most common security properties over generic attributes, both for qualitative and quantitative goals.
To make our language independent of a specific security framework, we evaluate locks over a generic attack model, namely the structural attack model (sam), which over-arches the most prominent graphical threat models. Furthermore, we equip our language with a concise grammar, type rules and denotational semantics, thus laying the foundations of an automated tool. We take a number of informal security goals from the literature and show how they can be formally
expressed in our language.

Original language	English
Title of host publication	SAC '18: Proceedings of the 33rd Annual ACM Symposium on Applied Computing
Editors	Hisham M. Haddad, Roger L. Wainwright, Richard Chbeir
Publisher	Association for Computing Machinery
Pages	1907-1915
ISBN (Electronic)	978-1-4503-5191-1
DOIs	https://doi.org/10.1145/3167132.3167336
Publication status	Published - 9 Apr 2018
Event	33rd ACM/SIGAPP Symposium On Applied Computing - Pau, France Duration: 9 Apr 2018 → 13 Apr 2018 Conference number: 33 https://www.sigapp.org/sac/sac2018/

Conference

Conference	33rd ACM/SIGAPP Symposium On Applied Computing
Abbreviated title	SAC 2018
Country/Territory	France
City	Pau
Period	9/04/18 → 13/04/18
Internet address	https://www.sigapp.org/sac/sac2018/

Keywords

2019 OA procedure
Quantitative security goals
Property specification language
Multi-objective query language
Threat models
Denotational semantics
Enterprise security

Access to Document

10.1145/3167132.3167336

Kumar2018locksFinal published version, 782 KBLicence: Taverne

Cite this

@inproceedings{5e7dcac6be164623b068ce4aaa0a44ff,

title = "LOCKS: A property specification language for security goals",

abstract = "We introduce a formal specification language locks, that allow security practitioners to express as well as compose security goals in a convenient manner. locks supports the specification of the most common security properties over generic attributes, both for qualitative and quantitative goals. To make our language independent of a specific security framework, we evaluate locks over a generic attack model, namely the structural attack model (sam), which over-arches the most prominent graphical threat models. Furthermore, we equip our language with a concise grammar, type rules and denotational semantics, thus laying the foundations of an automated tool. We take a number of informal security goals from the literature and show how they can be formally expressed in our language.",

keywords = "2019 OA procedure, Quantitative security goals, Property specification language, Multi-objective query language, Threat models, Denotational semantics, Enterprise security",

author = "Rajesh Kumar and Arend Rensink and Stoelinga, \{Mari{\"e}lle I.A.\}",

year = "2018",

month = apr,

day = "9",

doi = "10.1145/3167132.3167336",

language = "English",

pages = "1907--1915",

editor = "Haddad, \{Hisham M.\} and Wainwright, \{Roger L.\} and Richard Chbeir",

booktitle = "SAC '18: Proceedings of the 33rd Annual ACM Symposium on Applied Computing",

publisher = "Association for Computing Machinery",

address = "United States",

note = "33rd ACM/SIGAPP Symposium On Applied Computing, SAC 2018 ; Conference date: 09-04-2018 Through 13-04-2018",

url = "https://www.sigapp.org/sac/sac2018/",

}

Kumar, R, Rensink, A & Stoelinga, MIA 2018, LOCKS: A property specification language for security goals. in HM Haddad, RL Wainwright & R Chbeir (eds), SAC '18: Proceedings of the 33rd Annual ACM Symposium on Applied Computing. Association for Computing Machinery, pp. 1907-1915, 33rd ACM/SIGAPP Symposium On Applied Computing, Pau, France, 9/04/18. https://doi.org/10.1145/3167132.3167336

LOCKS: A property specification language for security goals. / Kumar, Rajesh ; Rensink, Arend ; Stoelinga, Mariëlle I.A.
SAC '18: Proceedings of the 33rd Annual ACM Symposium on Applied Computing. ed. / Hisham M. Haddad; Roger L. Wainwright; Richard Chbeir. Association for Computing Machinery, 2018. p. 1907-1915.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - LOCKS

T2 - 33rd ACM/SIGAPP Symposium On Applied Computing

AU - Kumar, Rajesh

AU - Rensink, Arend

AU - Stoelinga, Mariëlle I.A.

N1 - Conference code: 33

PY - 2018/4/9

Y1 - 2018/4/9

N2 - We introduce a formal specification language locks, that allow security practitioners to express as well as compose security goals in a convenient manner. locks supports the specification of the most common security properties over generic attributes, both for qualitative and quantitative goals. To make our language independent of a specific security framework, we evaluate locks over a generic attack model, namely the structural attack model (sam), which over-arches the most prominent graphical threat models. Furthermore, we equip our language with a concise grammar, type rules and denotational semantics, thus laying the foundations of an automated tool. We take a number of informal security goals from the literature and show how they can be formally expressed in our language.

AB - We introduce a formal specification language locks, that allow security practitioners to express as well as compose security goals in a convenient manner. locks supports the specification of the most common security properties over generic attributes, both for qualitative and quantitative goals. To make our language independent of a specific security framework, we evaluate locks over a generic attack model, namely the structural attack model (sam), which over-arches the most prominent graphical threat models. Furthermore, we equip our language with a concise grammar, type rules and denotational semantics, thus laying the foundations of an automated tool. We take a number of informal security goals from the literature and show how they can be formally expressed in our language.

KW - 2019 OA procedure

KW - Quantitative security goals

KW - Property specification language

KW - Multi-objective query language

KW - Threat models

KW - Denotational semantics

KW - Enterprise security

U2 - 10.1145/3167132.3167336

DO - 10.1145/3167132.3167336

M3 - Conference contribution

SP - 1907

EP - 1915

BT - SAC '18: Proceedings of the 33rd Annual ACM Symposium on Applied Computing

A2 - Haddad, Hisham M.

A2 - Wainwright, Roger L.

A2 - Chbeir, Richard

PB - Association for Computing Machinery

Y2 - 9 April 2018 through 13 April 2018

ER -

LOCKS: A property specification language for security goals

Abstract

Conference

Keywords

Access to Document

Fingerprint

Cite this