Designing, Capturing and Validating History-Sensitive Security Policies for Distributed Systems

Alejandro Mario Hernandez, Flemming Nielson, Hanne Riis Nielson

Research output: Contribution to journal › Journal article › Research › peer-review


We consider the use of Aspect-oriented techniques as a flexible way to deal with security policies in distributed systems. We follow the approach of attaching security policies to the relevant locations that must be governed by them, and then combining them at runtime according to the interactions that happen. Recent work suggests using Aspects in this way to analyse the future behaviour of programs and to make access control decisions based on this; this gives the flavour of dealing with information flow rather than mere access control. We show in this paper that it is beneficial to augment this approach with history-based components, as is traditional in reference-monitor-based approaches to mandatory access control. Our developments are performed in an Aspect-oriented coordination language, aiming to describe the Bell-LaPadula policy as elegantly as possible. Furthermore, the resulting language has the capability of combining both history-sensitive and future-sensitive policies, providing even more flexibility and power. Moreover, we propose a global Logic for reasoning about the systems designed with this language. We show how the Logic can be used to validate the combination of security policies in a distributed system, either with or without exploring the entire state space.
Original language: English
Journal: Scientific Annals of Computer Science
Issue number: 1
Pages (from-to): 107-149
Publication status: Published - 2011

