Garcia Garcia, Juan Manuel

No

Proceedings Of The 15th American Conference On Applied Mathematics And Proceedings Of The International Conference On Computational And Information Sciences 2009, Vols I And Ii

Proceedings Paper

Científica

✗

✗

01/01/2009

000266634600065

On an information system, a security policy specifies constraints on resources accessed by processes and information flow among them, and also constraints on external access by outsiders. In order to enforce an information security policy, system administrators face two main problems: First, security policy is often stated informally, leading to ambiguity, inconsistency and incompleteness, and in second place, security policy constraints must be translated on several low level specifications such as operating system access control rules, firewall filtering rules, etc. Is a difficult task to verify if those low level specifications actually enforce the security policy. In this paper we present an information security specification based on process calculus which could be translated to low level specifications.