Abstract
An integrity policy defines the situations when modification of information is authorized and is enforced by the security mechanisms of the system. However, in a complex application system it is possible that an integrity policy may have been incorrectly specified and, as a result, a user may be authorized to modify information that can lead to an unexpected system compromise. In this paper we propose a scalable and quantitative technique that uses constraint solving to model and analyze the effectiveness of application system integrity policies.
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bistarelli, S., Foley, S.N. (2003). A Constraint Framework for the Qualitative Analysis of Dependability Goals: Integrity. In: Anderson, S., Felici, M., Littlewood, B. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2003. Lecture Notes in Computer Science, vol 2788. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39878-3_11
DOI: https://doi.org/10.1007/978-3-540-39878-3_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20126-7
Online ISBN: 978-3-540-39878-3
eBook Packages: Springer Book Archive