[Paper summary] Security Policy Specification Using a Graphical Approach
This paper proposes LaSCO, an object-oriented language for formally specifying security policies using a graphical representation and first-order logic. It enables precise, human-readable policy specification at the application layer, supports reasoning about policies and automated enforcement through code generation, and facilitates policy composition and static analysis for secure software systems.
A security policy states the acceptable actions of an information system, as the actions bear on security. There is a pressing need for organizations to declare their security policies; even informal statements would be better than the current practice. But formal policy statements are preferable to support (1) reasoning about policies, e.g., for consistency and completeness, (2) automated enforcement of the policy, e.g., using wrappers around legacy systems or after the fact with an intrusion detection system, and (3) other formal manipulation of policies, e.g., the composition of policies. We present LaSCO, the Language for Security Constraints on Objects, in which a policy consists of two parts: the domain (assumptions about the system) and the requirement (what is allowed assuming the domain is satisfied). Thus policies defined in LaSCO have the appearance of conditional access control statements. LaSCO policies are specified as expressions in logic and as directed graphs, giving a visual view of policy. LaSCO has a simple semantics in first-order logic (which we provide), thus permitting policies we write, even complex policies, to be very perspicuous. LaSCO has syntax to express many of the situations we have found to be useful in policies or, more interesting, in the composition of policies. LaSCO has an object-oriented structure, permitting it to be useful to describe policies on the objects and methods of an application written in an object-oriented language, in addition to the traditional policies on operating system objects. A LaSCO specification can be automatically translated into executable code that checks an invocation of a program with respect to a policy. The implementation of LaSCO is in Java, and generates wrappers to check Java programs with respect to a policy.
Motivation and goals
- Address the lack of formal, flexible, and human-readable security policy specification at the application layer.
- Enable reasoning about policies through a formal semantics in first-order logic.
- Achieve automated policy enforcement through code instrumentation of Java applications.
- Decouple policy specification from the enforcement mechanism so that policies can be reused across systems.
- Extend policy modeling from operating system objects to application-layer objects and methods.
Proposed approach
- LaSCO represents a policy as a directed graph annotated with logic, combining visual clarity with a formal semantics.
- A policy is structured as a conditional statement: a domain (the context in which the policy applies) and a requirement (the operations allowed in that context).
- The language is given a formal semantics in first-order logic, which supports reasoning about consistency and completeness.
- LaSCO policies are compiled into executable Java code that checks at run time whether an invocation conforms to the policy's constraints.
- The approach supports policy composition and pattern-based matching over sequences of events.
- The implementation inserts policy-checking wrappers into Java programs to enforce policies at run time.
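The following Python sketch is an added illustration, not code from the paper and not LaSCO's own syntax: it models the domain/requirement semantics of a policy (domain implies requirement) and a wrapper-style check of a sequence of method invocations, including one policy over the event history. The `Invocation` and `Policy` types, the `enforce` function, the two sample policies and the trace are all constructed here for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

@dataclass
class Invocation:
    """Hypothetical model of one method call: caller and target object attributes, method, args."""
    caller: Dict[str, object]
    method: str
    target: Dict[str, object]
    args: Dict[str, object] = field(default_factory=dict)

@dataclass
class Policy:
    """Domain (assumption about the call and the history so far) and requirement (what must then hold)."""
    name: str
    domain: Callable[[Invocation, List[Invocation]], bool]
    requirement: Callable[[Invocation, List[Invocation]], bool]

def holds(policy: Policy, inv: Invocation, history: List[Invocation]) -> bool:
    # Conditional semantics, domain -> requirement: a call outside the domain is unconstrained.
    return (not policy.domain(inv, history)) or policy.requirement(inv, history)

def enforce(policies: List[Policy], trace: List[Invocation]) -> List[Tuple[str, str]]:
    # Wrapper-style check: each call is tested against every policy, then added to the
    # history that later calls (and sequence policies) can refer to.
    violations, history = [], []
    for inv in trace:
        violations += [(p.name, inv.method) for p in policies if not holds(p, inv, history)]
        history.append(inv)
    return violations

POLICIES = [
    # Per-invocation constraint: only the account owner may withdraw.
    Policy("owner-only-withdraw",
           domain=lambda inv, h: inv.method == "withdraw" and "owner" in inv.target,
           requirement=lambda inv, h: inv.caller["user"] == inv.target["owner"]),
    # Sequence constraint: a read requires an earlier open of the same file for reading.
    Policy("open-before-read",
           domain=lambda inv, h: inv.method == "read",
           requirement=lambda inv, h: any(e.method == "open" and e.target["id"] == inv.target["id"]
                                         and e.args.get("mode") == "r" for e in h)),
]
# Constructed sample trace (not data from the paper).
TRACE = [
    Invocation({"user": "alice"}, "open", {"id": "f1"}, {"mode": "r"}),
    Invocation({"user": "alice"}, "read", {"id": "f1"}),          # allowed: f1 was opened
    Invocation({"user": "alice"}, "read", {"id": "f2"}),          # violation: f2 never opened
    Invocation({"user": "alice"}, "withdraw", {"owner": "bob"}),  # violation: alice is not the owner
    Invocation({"user": "bob"}, "withdraw", {"owner": "bob"}),    # allowed
]
```

`enforce(POLICIES, TRACE)` returns the two violations in trace order; a real wrapper would raise or log at the offending call instead of collecting them.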
Experimental results
Research questions
- RQ1: How can security policies be expressed in a way that is both easy for humans to understand and formally precise?
- RQ2: Can a language based on graphs and logic effectively model complex, time-dependent application-layer access control policies?
- RQ3: How can policies be formally composed and reasoned about while remaining executable?
- RQ4: Is automated policy enforcement via code instrumentation feasible in object-oriented systems?
- RQ5: Can such a language support both static analysis and run-time monitoring of policy compliance?
Main findings
- LaSCO supports the specification of constraint-based security policies at the application layer, not only at the operating system layer.
- The graphical representation aids human understanding, while the formal logic ensures policy consistency and completeness.
- Policies expressed in LaSCO can be automatically translated into executable code for run-time enforcement.
- The language supports complex policy patterns involving event sequences and contextual conditions.
- LaSCO facilitates policy reuse and composition across different systems and enforcement mechanisms.
- The approach supports both static policy analysis and run-time monitoring, which aids intrusion detection and the secure deployment of applications.
This summary was generated by AI and reviewed by a human editor.