Skip to main content
SpringerLink
Log in

Modelling Mobility Aspects of Security Policies

  • Conference paper
Construction and Analysis of Safe, Secure, and Interoperable Smart Devices (CASSIS 2004)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 3362))

Abstract

Security policies are rules that constrain the behaviour of a system. Different, largely unrelated sets of rules typically govern the physical and logical worlds. However, increased hardware and software mobility forces us to consider those rules in an integrated fashion. We present SPIN models of four case studies where mobility plays a role. At present our models are ad-hoc. In each case the model captures both the system of interest and its security policy. The model is then formally checked against a security principle. The model checking activity shows examples of policies that are too weak to cope with mobility.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The ponder policy specification language. In: Sloman, M., Lobo, J., Lupu, E.C. (eds.) POLICY 2001. LNCS, vol. 1995, pp. 18–38. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  2. Schneider, F.B.: Enforceable security policies. ACM Transactions on Information and System Security 3, 30–50 (2000), http://doi.acm.org/10.1145/353323.353382

    Article  Google Scholar 

  3. Scott, D., Beresford, A., Mycroft, A.: Spatial security policies for mobile agents in a sentient computing environment. In: Pezzé, M. (ed.) FASE 2003. LNCS, vol. 2621, pp. 102–117. Springer, Heidelberg (2003), http://www.springerlink.com/link.asp?id=nyxyyrlkbe5c5acc

    Chapter  Google Scholar 

  4. Satoh, I.: Physical mobility and logical mobility in ubiquitous computing environments. In: Suri, N. (ed.) MA 2002. LNCS, vol. 2535, pp. 186–201. Springer, Heidelberg (2002), http://springerlink.metapress.com/link.asp?id=yrwh37hleb9rxp81

    Chapter  Google Scholar 

  5. Holzmann, G.J.: The SPIN Model Checker: Primer and Reference manual. Pearson Education Inc., Boston Massachusetts (2004)

    Google Scholar 

  6. Madhavapeddy, A., Mycroft, A., Scott, D., Sharp, R.: The case for abstracting security policies. In: Arabnia, H.R., Mun, Y. (eds.) Int. Conf. on Security and Management (SAM), vol. 1, pp. 156–160. CSREA Press, Las Vegas (2003), http://cambridgeweb.cambridge.intel-research.net/people/rsharp/publications/sam03-secpol.pdf

  7. Cheng, B.H.C., Konrad, S., Campbell, L.A., Wassermann, R.: Using security patterns to model and analyze security requirements. In: Hietmeyer, C., Mead, N. (eds.) Int. Workshop on Requirements for High Assurance Systems (RHAS), Monterey, California, pp. 13–22. Software Engineering Institute, Carnegi mellon Univ. (2003), http://www.sei.cmu.edu/community/rhas-workshop/rhas03-proceedings.pdf

  8. Sekar, R., Venkatakrishnan, V.N., Basu, S., Bhatkar, S., DuVarney, D.C.: Model carrying code: A practical approach for safe execution of untrusted applications. In: 19th ACM Symp. on Operating Systems Principles (SOSP), pp. 15–28. ACM Press, New York (2003), http://doi.acm.org/10.1145/945445.945448

    Chapter  Google Scholar 

  9. Saltzer, J.H., Schroeder, M.D.: The protection of information in computer systems. Proceedings of the IEEE 63, 1278–1308 (1975)

    Article  Google Scholar 

  10. Wagner, D., Soto, P.: Mimicry attacks on host-based intrusion detection systems. In: 9th ACM Conf. on Computer and communications security (CCS), pp. 255–264. ACM Press, New York (2002), http://doi.acm.org/10.1145/586110.586145

    Chapter  Google Scholar 

  11. Kalker, T., Epema, D.H.J., Hartel, P.H., Lagendijk, R.L., van Steen, M.: Music2Share - Copyright-Compliant music sharing in P2P systems (invited paper). In: Proceedings of the IEEE Special Issue on Digital Rights Management, vol. 92, pp. 961–970 (2004), http://ieeexplore.ieee.org/xpl/abs_free.jsp?arNumber=1299170

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, University of Twente, P.O. Box 217, 7500 AE, Enschede, The Netherlands

    Pieter Hartel, Pascal van Eck, Sandro Etalle & Roel Wieringa

Authors
  1. Pieter Hartel
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Pascal van Eck
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sandro Etalle
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Roel Wieringa
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. IMDEA Software, Madrid, Spain

    Gilles Barthe

  2. INRIA Sophia Antipolis, France

    Lilian Burdy  & Marieke Huisman  & 

  3. Gemalto, France

    Jean-Louis Lanet

  4. Ecole Supérieure D’Ingénieurs de Luminy - Case 925 - ESIL Parc Scientifique, Université de la Méditerranée, 13288, Marseille, France

    Traian Muntean

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hartel, P., van Eck, P., Etalle, S., Wieringa, R. (2005). Modelling Mobility Aspects of Security Policies. In: Barthe, G., Burdy, L., Huisman, M., Lanet, JL., Muntean, T. (eds) Construction and Analysis of Safe, Secure, and Interoperable Smart Devices. CASSIS 2004. Lecture Notes in Computer Science, vol 3362. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30569-9_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-30569-9_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-24287-1

  • Online ISBN: 978-3-540-30569-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation