Research Article Open Access

Security Policy Development: Towards a Life-Cycle and Logic-Based Verification Model

Luay A. Wahsheh and Jim Alves-Foss

Abstract

Although security plays a major role in the design of software systems, security requirements and policies are usually added to an already existing system, not created in conjunction with the product. As a result, there are often numerous problems with the overall design. In this paper, we discuss the relationship between software engineering, security engineering, and policy engineering and present a security policy life-cycle; an engineering methodology to policy development in high assurance computer systems. The model provides system security managers with a procedural engineering process to develop security policies. We also present an executable Prolog-based model as a formal specification and knowledge representation method using a theorem prover to verify system correctness with respect to security policies in their life-cycle stages.

American Journal of Applied Sciences
Volume 5 No. 9, 2008, 1117-1126

DOI: https://doi.org/10.3844/ajassp.2008.1117.1126

Submitted On: 19 September 2007 Published On: 30 September 2008

How to Cite: Wahsheh, L. A. & Alves-Foss, J. (2008). Security Policy Development: Towards a Life-Cycle and Logic-Based Verification Model. American Journal of Applied Sciences, 5(9), 1117-1126. https://doi.org/10.3844/ajassp.2008.1117.1126

  • 3,519 Views
  • 3,045 Downloads
  • 4 Citations

Download

Keywords

  • Logic
  • policy engineering
  • policy life-cycle
  • policy verification