Security policy foundations in Context UNITY

M. Todd Gamble, Rose F. Gamble, Matthew L. Hale

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Scopus citations

Abstract

Security certification includes assessing an information system to verify its compliance with diverse, pre-selected security controls. The goal of certification is to identify where controls are implemented correctly and where they are violated, creating potential vulnerability risks. Certification complexity is magnified in software composed of systems of systems where there are limited formal methodologies to express management policies, given a set of security control properties, and verify them against the interaction of the participating components and their individual security policy implementations. In this paper, we extend Context UNITY, a formal, distributed, and context aware coordination language to support policy controls. The new language features enforce security controls and provide a means to declare policy specifics in a manner similar to declaring variable types. We use these features in a specification to show how verifying system compliance with selected security controls, such as those found in the NIST SP800-53 document, can be accomplished.

Original languageEnglish (US)
Title of host publicationSESS'11 - Proceedings of the 7th International Workshop on Software Engineering for Secure Systems, Co-located with ICSE 2011
Pages8-14
Number of pages7
DOIs
StatePublished - 2011
Event7th International Workshop on Software Engineering for Secure Systems, SESS 2011, Co-located with ICSE 2011 - Waikiki, Honolulu, HI, United States
Duration: May 22 2011May 22 2011

Publication series

NameProceedings - International Conference on Software Engineering
ISSN (Print)0270-5257

Conference

Conference7th International Workshop on Software Engineering for Secure Systems, SESS 2011, Co-located with ICSE 2011
CountryUnited States
CityWaikiki, Honolulu, HI
Period5/22/115/22/11

Keywords

  • Security certification
  • Security controls
  • UNITY

ASJC Scopus subject areas

  • Software

Fingerprint Dive into the research topics of 'Security policy foundations in Context UNITY'. Together they form a unique fingerprint.

  • Cite this

    Gamble, M. T., Gamble, R. F., & Hale, M. L. (2011). Security policy foundations in Context UNITY. In SESS'11 - Proceedings of the 7th International Workshop on Software Engineering for Secure Systems, Co-located with ICSE 2011 (pp. 8-14). (Proceedings - International Conference on Software Engineering). https://doi.org/10.1145/1988630.1988633