Verifying Security Policies using Host Attributes

Cornelius Diekmann; Stephan-A. Posselt; Heiko Niedermayer; Holger; Kinkelin; Oliver Hanka; Georg Carle

arXiv:1604.00204·cs.CR·April 4, 2016

Verifying Security Policies using Host Attributes

Cornelius Diekmann, Stephan-A. Posselt, Heiko Niedermayer, Holger, Kinkelin, Oliver Hanka, Georg Carle

PDF

TL;DR

This paper introduces a method for verifying network security policies by expressing security invariants through host attributes, enabling automated configuration and verified in a civil aviation context.

Contribution

It presents a universal approach to formalize and verify security invariants for access control and information flow, with machine-verified proofs using Isabelle/HOL.

Findings

01

Universal insights about security invariants

02

Automated host attribute configuration

03

Verification demonstrated in civil aviation scenario

Abstract

For the formal verification of a network security policy, it is crucial to express the verification goals. These formal goals, called security invariants, should be easy to express for the end user. Focusing on access control and information flow security strategies, this work discovers and proves universal insights about security invariants. This enables secure and convenient auto-completion of host attribute configurations. We demonstrate our results in a civil aviation scenario. All results are machine-verified with the Isabelle/HOL theorem prover.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.