Security Policy Development: Towards a Life-Cycle and Logic-Based Verification Model
Abstract
Although security plays a major role in the design of software systems, security requirements and policies are usually added to an already existing system, not created in conjunction with the product. As a result, there are often numerous problems with the overall design. In this paper, we discuss the relationship between software engineering, security engineering, and policy engineering and present a security policy life-cycle; an engineering methodology to policy development in high assurance computer systems. The model provides system security managers with a procedural engineering process to develop security policies. We also present an executable Prolog-based model as a formal specification and knowledge representation method using a theorem prover to verify system correctness with respect to security policies in their life-cycle stages.
DOI: https://doi.org/10.3844/ajassp.2008.1117.1126
Copyright: © 2008 Luay A. Wahsheh and Jim Alves-Foss. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
- 3,519 Views
- 3,045 Downloads
- 4 Citations
Download
Keywords
- Logic
- policy engineering
- policy life-cycle
- policy verification