Abstract
The security of a network configuration is based not just on the security of its individual components and their direct interconnections, but also on the potential for systems to interoperate indirectly across network routes. Such interoperation has been shown to provide the potential for circuitous paths across a network that violate security. In this paper we propose a constraint-based framework for representing access control configurations of systems. The secure reconfiguration of a system is depicted as a constraint satisfaction problem.
Copyright information
© 2005 International Federation for Information Processing
About this paper
Cite this paper
Bistarelli, S., Foley, S.N., O'Sullivan, B. (2005). Reasoning about Secure Interoperation Using Soft Constraints. In: Dimitrakos, T., Martinelli, F. (eds) Formal Aspects in Security and Trust. IFIP WCC TC1 2004. IFIP International Federation for Information Processing, vol 173. Springer, Boston, MA. https://doi.org/10.1007/0-387-24098-5_13
DOI: https://doi.org/10.1007/0-387-24098-5_13
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-24050-3
Online ISBN: 978-0-387-24098-5
eBook Packages: Computer Science, Computer Science (R0)