TY - JOUR AU - Wahsheh, Luay A. AU - Alves-Foss, Jim PY - 2008 TI - Security Policy Development: Towards a Life-Cycle and Logic-Based Verification Model JF - American Journal of Applied Sciences VL - 5 IS - 9 DO - 10.3844/ajassp.2008.1117.1126 UR - https://thescipub.com/abstract/ajassp.2008.1117.1126 AB - Although security plays a major role in the design of software systems, security requirements and policies are usually added to an already existing system, not created in conjunction with the product. As a result, there are often numerous problems with the overall design. In this paper, we discuss the relationship between software engineering, security engineering, and policy engineering and present a security policy life-cycle; an engineering methodology to policy development in high assurance computer systems. The model provides system security managers with a procedural engineering process to develop security policies. We also present an executable Prolog-based model as a formal specification and knowledge representation method using a theorem prover to verify system correctness with respect to security policies in their life-cycle stages.