Term Rewriting and Modularity for Security Policies
Identifieur interne : 004A39 ( Hal/Curation ); précédent : 004A38; suivant : 004A40Term Rewriting and Modularity for Security Policies
Auteurs : Anderson Santana De Oliveira [France]Source :
Descripteurs français
English descriptors
Abstract
In this thesis we address the modular specification and analysis of flexible, rule-based policies. We introduce the use of the strategic rewriting formalism in this domain, such that our framework inherits techniques, theorems, and tools from the rewriting theory. This allows us to easily state and verify important policy properties such as the absence of conflicts, for instance. Moreover, we develop rewrite-based methods to verify elaborate policy properties such as the safety problem in access control and the detection of information flows in mandatory policies.
We show that strategies are important to preserve policy properties under composition. The rich strategy languages available in systems like Tom, Stratego, Maude, ASF+SDF and Elan allows us to define several kinds of policy combiners.
Finally, in this thesis we provide a systematic methodology to enforce rewrite-based policies on existing applications through aspect-oriented programming. Policies are weaved into the existing code, resulting in programs that implement a reference monitor for the given policy. Reuse is improved since policies and programs can be maintained independently from each other.
We show that strategies are important to preserve policy properties under composition. The rich strategy languages available in systems like Tom, Stratego, Maude, ASF+SDF and Elan allows us to define several kinds of policy combiners.
Finally, in this thesis we provide a systematic methodology to enforce rewrite-based policies on existing applications through aspect-oriented programming. Policies are weaved into the existing code, resulting in programs that implement a reference monitor for the given policy. Reuse is improved since policies and programs can be maintained independently from each other.
Url:
Links toward previous steps (curation, corpus...)
- to stream Hal, to step Corpus: Pour aller vers cette notice dans l'étape Curation :004A39
Links to Exploration step
Hal:tel-00335079Le document en format XML
<record><TEI><teiHeader><fileDesc><titleStmt><title xml:lang="en">Term Rewriting and Modularity for Security Policies</title><title xml:lang="fr">Réécriture et Modularité pour les Politiques de Sécurité</title><author><name sortKey="Santana De Oliveira, Anderson" sort="Santana De Oliveira, Anderson" uniqKey="Santana De Oliveira A" first="Anderson" last="Santana De Oliveira">Anderson Santana De Oliveira</name><affiliation wicri:level="1"><hal:affiliation type="researchteam" xml:id="struct-54175" status="OLD"><idno type="RNSR">200820941G</idno><orgName>Formal islands: foundations and applications</orgName><orgName type="acronym">PAREO</orgName><desc><address><country key="FR"></country></address><ref type="url">http://www.inria.fr/equipes/pareo</ref></desc><listRelation><relation active="#struct-160" type="direct"></relation><relation name="UMR7503" active="#struct-441569" type="indirect"></relation><relation active="#struct-300009" type="indirect"></relation><relation active="#struct-300291" type="indirect"></relation><relation active="#struct-300292" type="indirect"></relation><relation active="#struct-300293" type="indirect"></relation><relation active="#struct-2496" type="direct"></relation></listRelation><tutelles><tutelle active="#struct-160" type="direct"><org type="laboratory" xml:id="struct-160" status="OLD"><orgName>Laboratoire Lorrain de Recherche en Informatique et ses Applications</orgName><orgName type="acronym">LORIA</orgName><desc><address><addrLine>Campus Scientifique BP 239 54506 Vandoeuvre-lès-Nancy Cedex</addrLine><country key="FR"></country></address><ref type="url">http://www.loria.fr</ref></desc><listRelation><relation name="UMR7503" active="#struct-441569" type="direct"></relation><relation active="#struct-300009" type="direct"></relation><relation active="#struct-300291" type="direct"></relation><relation active="#struct-300292" type="direct"></relation><relation active="#struct-300293" type="direct"></relation></listRelation></org></tutelle><tutelle name="UMR7503" active="#struct-441569" type="indirect"><org type="institution" xml:id="struct-441569" status="VALID"><idno type="ISNI">0000000122597504</idno><idno type="IdRef">02636817X</idno><orgName>Centre National de la Recherche Scientifique</orgName><orgName type="acronym">CNRS</orgName><date type="start">1939-10-19</date><desc><address><country key="FR"></country></address><ref type="url">http://www.cnrs.fr/</ref></desc></org></tutelle><tutelle active="#struct-300009" type="indirect"><org type="institution" xml:id="struct-300009" status="VALID"><orgName>Institut National de Recherche en Informatique et en Automatique</orgName><orgName type="acronym">Inria</orgName><desc><address><addrLine>Domaine de VoluceauRocquencourt - BP 10578153 Le Chesnay Cedex</addrLine><country key="FR"></country></address><ref type="url">http://www.inria.fr/en/</ref></desc></org></tutelle><tutelle active="#struct-300291" type="indirect"><org type="institution" xml:id="struct-300291" status="OLD"><orgName>Université Henri Poincaré - Nancy 1</orgName><orgName type="acronym">UHP</orgName><date type="end">2011-12-31</date><desc><address><addrLine>24-30 rue Lionnois, BP 60120, 54 003 NANCY cedex, France</addrLine><country key="FR"></country></address></desc></org></tutelle><tutelle active="#struct-300292" type="indirect"><org type="institution" xml:id="struct-300292" status="OLD"><orgName>Université Nancy 2</orgName><date type="end">2011-12-31</date><desc><address><addrLine>91 avenue de la Libération, BP 454, 54001 Nancy cedex</addrLine><country key="FR"></country></address></desc></org></tutelle><tutelle active="#struct-300293" type="indirect"><org type="institution" xml:id="struct-300293" status="OLD"><orgName>Institut National Polytechnique de Lorraine</orgName><orgName type="acronym">INPL</orgName><date type="end">2011-12-31</date><desc><address><country key="FR"></country></address></desc></org></tutelle><tutelle active="#struct-2496" type="direct"><org type="laboratory" xml:id="struct-2496" status="OLD"><orgName>INRIA Lorraine</orgName><desc><address><addrLine>615 rue du Jardin Botanique 54600 Villers-lès-Nancy</addrLine><country key="FR"></country></address><ref type="url">http://www.inria.fr/centre-de-recherche-inria/nancy-grand-est</ref></desc><listRelation><relation active="#struct-300009" type="direct"></relation></listRelation></org></tutelle></tutelles></hal:affiliation><country>France</country><placeName><settlement type="city">Nancy</settlement><region type="region" nuts="2">Grand Est</region><region type="old region" nuts="2">Lorraine (région)</region></placeName><orgName type="university">Université Nancy 2</orgName><orgName type="institution" wicri:auto="newGroup">Université de Lorraine</orgName><placeName><settlement type="city">Nancy</settlement><region type="region" nuts="2">Grand Est</region><region type="old region" nuts="2">Lorraine (région)</region></placeName><orgName type="university">Institut national polytechnique de Lorraine</orgName><orgName type="institution" wicri:auto="newGroup">Université de Lorraine</orgName></affiliation></author></titleStmt><publicationStmt><idno type="wicri:source">HAL</idno><idno type="RBID">Hal:tel-00335079</idno><idno type="halId">tel-00335079</idno><idno type="halUri">https://tel.archives-ouvertes.fr/tel-00335079</idno><idno type="url">https://tel.archives-ouvertes.fr/tel-00335079</idno><date when="2008-03-31">2008-03-31</date><idno type="wicri:Area/Hal/Corpus">004A39</idno><idno type="wicri:Area/Hal/Curation">004A39</idno></publicationStmt><sourceDesc><biblStruct><analytic><title xml:lang="en">Term Rewriting and Modularity for Security Policies</title><title xml:lang="fr">Réécriture et Modularité pour les Politiques de Sécurité</title><author><name sortKey="Santana De Oliveira, Anderson" sort="Santana De Oliveira, Anderson" uniqKey="Santana De Oliveira A" first="Anderson" last="Santana De Oliveira">Anderson Santana De Oliveira</name><affiliation wicri:level="1"><hal:affiliation type="researchteam" xml:id="struct-54175" status="OLD"><idno type="RNSR">200820941G</idno><orgName>Formal islands: foundations and applications</orgName><orgName type="acronym">PAREO</orgName><desc><address><country key="FR"></country></address><ref type="url">http://www.inria.fr/equipes/pareo</ref></desc><listRelation><relation active="#struct-160" type="direct"></relation><relation name="UMR7503" active="#struct-441569" type="indirect"></relation><relation active="#struct-300009" type="indirect"></relation><relation active="#struct-300291" type="indirect"></relation><relation active="#struct-300292" type="indirect"></relation><relation active="#struct-300293" type="indirect"></relation><relation active="#struct-2496" type="direct"></relation></listRelation><tutelles><tutelle active="#struct-160" type="direct"><org type="laboratory" xml:id="struct-160" status="OLD"><orgName>Laboratoire Lorrain de Recherche en Informatique et ses Applications</orgName><orgName type="acronym">LORIA</orgName><desc><address><addrLine>Campus Scientifique BP 239 54506 Vandoeuvre-lès-Nancy Cedex</addrLine><country key="FR"></country></address><ref type="url">http://www.loria.fr</ref></desc><listRelation><relation name="UMR7503" active="#struct-441569" type="direct"></relation><relation active="#struct-300009" type="direct"></relation><relation active="#struct-300291" type="direct"></relation><relation active="#struct-300292" type="direct"></relation><relation active="#struct-300293" type="direct"></relation></listRelation></org></tutelle><tutelle name="UMR7503" active="#struct-441569" type="indirect"><org type="institution" xml:id="struct-441569" status="VALID"><idno type="ISNI">0000000122597504</idno><idno type="IdRef">02636817X</idno><orgName>Centre National de la Recherche Scientifique</orgName><orgName type="acronym">CNRS</orgName><date type="start">1939-10-19</date><desc><address><country key="FR"></country></address><ref type="url">http://www.cnrs.fr/</ref></desc></org></tutelle><tutelle active="#struct-300009" type="indirect"><org type="institution" xml:id="struct-300009" status="VALID"><orgName>Institut National de Recherche en Informatique et en Automatique</orgName><orgName type="acronym">Inria</orgName><desc><address><addrLine>Domaine de VoluceauRocquencourt - BP 10578153 Le Chesnay Cedex</addrLine><country key="FR"></country></address><ref type="url">http://www.inria.fr/en/</ref></desc></org></tutelle><tutelle active="#struct-300291" type="indirect"><org type="institution" xml:id="struct-300291" status="OLD"><orgName>Université Henri Poincaré - Nancy 1</orgName><orgName type="acronym">UHP</orgName><date type="end">2011-12-31</date><desc><address><addrLine>24-30 rue Lionnois, BP 60120, 54 003 NANCY cedex, France</addrLine><country key="FR"></country></address></desc></org></tutelle><tutelle active="#struct-300292" type="indirect"><org type="institution" xml:id="struct-300292" status="OLD"><orgName>Université Nancy 2</orgName><date type="end">2011-12-31</date><desc><address><addrLine>91 avenue de la Libération, BP 454, 54001 Nancy cedex</addrLine><country key="FR"></country></address></desc></org></tutelle><tutelle active="#struct-300293" type="indirect"><org type="institution" xml:id="struct-300293" status="OLD"><orgName>Institut National Polytechnique de Lorraine</orgName><orgName type="acronym">INPL</orgName><date type="end">2011-12-31</date><desc><address><country key="FR"></country></address></desc></org></tutelle><tutelle active="#struct-2496" type="direct"><org type="laboratory" xml:id="struct-2496" status="OLD"><orgName>INRIA Lorraine</orgName><desc><address><addrLine>615 rue du Jardin Botanique 54600 Villers-lès-Nancy</addrLine><country key="FR"></country></address><ref type="url">http://www.inria.fr/centre-de-recherche-inria/nancy-grand-est</ref></desc><listRelation><relation active="#struct-300009" type="direct"></relation></listRelation></org></tutelle></tutelles></hal:affiliation><country>France</country><placeName><settlement type="city">Nancy</settlement><region type="region" nuts="2">Grand Est</region><region type="old region" nuts="2">Lorraine (région)</region></placeName><orgName type="university">Université Nancy 2</orgName><orgName type="institution" wicri:auto="newGroup">Université de Lorraine</orgName><placeName><settlement type="city">Nancy</settlement><region type="region" nuts="2">Grand Est</region><region type="old region" nuts="2">Lorraine (région)</region></placeName><orgName type="university">Institut national polytechnique de Lorraine</orgName><orgName type="institution" wicri:auto="newGroup">Université de Lorraine</orgName></affiliation></author></analytic></biblStruct></sourceDesc></fileDesc><profileDesc><textClass><keywords scheme="mix" xml:lang="en"><term>Access Control</term><term>Policy
Composition</term><term>Security Policies</term><term>Strategic Rewriting</term><term>Term Rewriting</term></keywords><keywords scheme="mix" xml:lang="fr"><term>Composition</term><term>Contrôle d'Accès</term><term>Politiques de Sécurité</term><term>Réécriture</term><term>Stratégies</term></keywords></textClass></profileDesc></teiHeader><front><div type="abstract" xml:lang="en">In this thesis we address the modular specification and analysis of flexible, rule-based policies. We introduce the use of the strategic rewriting formalism in this domain, such that our framework inherits techniques, theorems, and tools from the rewriting theory. This allows us to easily state and verify important policy properties such as the absence of conflicts, for instance. Moreover, we develop rewrite-based methods to verify elaborate policy properties such as the safety problem in access control and the detection of information flows in mandatory policies.
We show that strategies are important to preserve policy properties under composition. The rich strategy languages available in systems like Tom, Stratego, Maude, ASF+SDF and Elan allows us to define several kinds of policy combiners.
Finally, in this thesis we provide a systematic methodology to enforce rewrite-based policies on existing applications through aspect-oriented programming. Policies are weaved into the existing code, resulting in programs that implement a reference monitor for the given policy. Reuse is improved since policies and programs can be maintained independently from each other.</div></front></TEI><hal api="V3"><titleStmt><title xml:lang="en">Term Rewriting and Modularity for Security Policies</title><title xml:lang="fr">Réécriture et Modularité pour les Politiques de Sécurité</title><author role="aut"><persName><forename type="first">Anderson</forename><surname>Santana De Oliveira</surname></persName><email>santana@loria.fr</email><idno type="halauthor">66741</idno><affiliation ref="#struct-54175"></affiliation></author><editor role="depositor"><persName><forename>Anderson</forename><surname>Santana De Oliveira</surname></persName><email>santana@loria.fr</email></editor></titleStmt><editionStmt><edition n="v1" type="current"><date type="whenSubmitted">2008-10-28 14:01:45</date><date type="whenModified">2016-05-18 09:00:27</date><date type="whenReleased">2008-10-28 14:06:17</date><date type="whenProduced">2008-03-31</date><date type="whenEndEmbargoed">2008-10-28</date><ref type="file" target="https://tel.archives-ouvertes.fr/tel-00335079/document"><date notBefore="2008-10-28"></date></ref><ref type="file" n="1" target="https://tel.archives-ouvertes.fr/tel-00335079/file/thesis.pdf"><date notBefore="2008-10-28"></date></ref></edition><respStmt><resp>contributor</resp><name key="103955"><persName><forename>Anderson</forename><surname>Santana De Oliveira</surname></persName><email>santana@loria.fr</email></name></respStmt></editionStmt><publicationStmt><distributor>CCSD</distributor><idno type="halId">tel-00335079</idno><idno type="halUri">https://tel.archives-ouvertes.fr/tel-00335079</idno><idno type="halBibtex">santanadeoliveira:tel-00335079</idno><idno type="halRefHtml">Génie logiciel [cs.SE]. Université Henri Poincaré - Nancy I, 2008. Français</idno><idno type="halRef">Génie logiciel [cs.SE]. Université Henri Poincaré - Nancy I, 2008. Français</idno></publicationStmt><seriesStmt><idno type="stamp" n="CNRS">CNRS - Centre national de la recherche scientifique</idno><idno type="stamp" n="INRIA">INRIA - Institut National de Recherche en Informatique et en Automatique</idno><idno type="stamp" n="INPL">Institut National Polytechnique de Lorraine</idno><idno type="stamp" n="LORIA2">Publications du LORIA</idno><idno type="stamp" n="INRIA-NANCY-GRAND-EST">INRIA Nancy - Grand Est</idno><idno type="stamp" n="LORIA">LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications</idno><idno type="stamp" n="LORIA-FM" p="LORIA">Méthodes formelles</idno><idno type="stamp" n="INRIA2">INRIA 2</idno><idno type="stamp" n="INRIA-LORRAINE">INRIA Nancy - Grand Est</idno><idno type="stamp" n="LABO-LORIA-SET" p="LORIA">LABO-LORIA-SET</idno><idno type="stamp" n="UNIV-LORRAINE">Université de Lorraine</idno></seriesStmt><notesStmt></notesStmt><sourceDesc><biblStruct><analytic><title xml:lang="en">Term Rewriting and Modularity for Security Policies</title><title xml:lang="fr">Réécriture et Modularité pour les Politiques de Sécurité</title><author role="aut"><persName><forename type="first">Anderson</forename><surname>Santana De Oliveira</surname></persName><email>santana@loria.fr</email><idno type="halAuthorId">66741</idno><affiliation ref="#struct-54175"></affiliation></author></analytic><monogr><imprint><date type="dateDefended">2008-03-31</date></imprint><authority type="institution">Université Henri Poincaré - Nancy I</authority><authority type="school">Mathématiques, Sciences et Technologies de l'Information (Informatique)</authority><authority type="supervisor">Claude KIRCHNER(Claude.Kirchner@inria.fr)</authority><authority type="jury">Frédéric Cuppens (Rapporteur)</authority><authority type="jury">Maribel Fernandez (Rapporteur)</authority><authority type="jury">Piero A. Bonatti (Examinateur)</authority><authority type="jury">Isabelle Chrisment (Examinateur)</authority><authority type="jury">Daniel J. Dougherty(Examinateur)</authority><authority type="jury">Thérèse Hardin (Examinateur)</authority><authority type="jury">Claude Kirchner (Directeur)</authority><authority type="jury">Hélène Kirchner (Co-Directeur)</authority></monogr></biblStruct></sourceDesc><profileDesc><langUsage><language ident="fr">French</language></langUsage><textClass><keywords scheme="author"><term xml:lang="en">Security Policies</term><term xml:lang="en">Policy
Composition</term><term xml:lang="en">Access Control</term><term xml:lang="en">Strategic Rewriting</term><term xml:lang="en">Term Rewriting</term><term xml:lang="fr">Politiques de Sécurité</term><term xml:lang="fr">Composition</term><term xml:lang="fr">Contrôle d'Accès</term><term xml:lang="fr">Réécriture</term><term xml:lang="fr">Stratégies</term></keywords><classCode scheme="halDomain" n="info.info-se">Computer Science [cs]/Software Engineering [cs.SE]</classCode><classCode scheme="halTypology" n="THESE">Theses</classCode></textClass><abstract xml:lang="en">In this thesis we address the modular specification and analysis of flexible, rule-based policies. We introduce the use of the strategic rewriting formalism in this domain, such that our framework inherits techniques, theorems, and tools from the rewriting theory. This allows us to easily state and verify important policy properties such as the absence of conflicts, for instance. Moreover, we develop rewrite-based methods to verify elaborate policy properties such as the safety problem in access control and the detection of information flows in mandatory policies.
We show that strategies are important to preserve policy properties under composition. The rich strategy languages available in systems like Tom, Stratego, Maude, ASF+SDF and Elan allows us to define several kinds of policy combiners.
Finally, in this thesis we provide a systematic methodology to enforce rewrite-based policies on existing applications through aspect-oriented programming. Policies are weaved into the existing code, resulting in programs that implement a reference monitor for the given policy. Reuse is improved since policies and programs can be maintained independently from each other.</abstract><abstract xml:lang="fr">Dans cette thèse, nous nous intéressons à la spécification et à l'analyse modulaires de politiques de sécurité flexibles basées sur des règles.
Nous introduisons l'utilisation du formalisme de réécriture stratégique dans ce domaine, afin que notre cadre hérite des techniques, des théorèmes, et des outils de la théorie de réécriture. Ceci nous permet d'énoncer facilement et de vérifier des propriétés importantes des politiques de sécurité telles que l'absence des conflits.
En outre, nous développons des méthodes basées sur la réécriture de termes pour vérifier des propriétés plus élaborées des politiques. Ces propriétés sont la sûreté dans le contrôle d'accès et la détection des flux d'information dans des politiques obligatoires.
Par ailleurs, nous montrons que les stratégies de réécriture sont importantes pour préserver des propriétés des politiques par composition. Les langages de stratégies disponibles dans des systèmes comme Tom, Stratego, Maude, ASF+SDF et Elan, nous permettent de définir plusieurs genres de combinateurs de politiques.
Enfin, nous fournissons également une méthodologie pour imposer à des applications existantes, de respecter des politiques basées sur la réécriture via la programmation par aspects. Les politiques sont tissées dans le code existant, ce qui génère des programmes mettant en oeuvre des moniteurs de référence. La réutilisation des politiques et des programmes est améliorée car ils peuvent être maintenus indépendamment.</abstract></profileDesc></hal></record>Pour manipuler ce document sous Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Wicri/Lorraine/explor/InforLorV4/Data/Hal/Curation
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 004A39 | SxmlIndent | more
Ou
HfdSelect -h $EXPLOR_AREA/Data/Hal/Curation/biblio.hfd -nk 004A39 | SxmlIndent | more
Pour mettre un lien sur cette page dans le réseau Wicri
{{Explor lien
|wiki= Wicri/Lorraine
|area= InforLorV4
|flux= Hal
|étape= Curation
|type= RBID
|clé= Hal:tel-00335079
|texte= Term Rewriting and Modularity for Security Policies
}}
| This area was generated with Dilib version V0.6.33. |  |