Logic-Based Dynamical Security Policy Language and Verification

Bao Yibao; Yin Lihua; Fang Binxing; Guo Li

Journal of Computer Research and Development > 2013 > 50(5): 932-941.

Bao Yibao, Yin Lihua, Fang Binxing, Guo Li. Logic-Based Dynamical Security Policy Language and Verification[J]. Journal of Computer Research and Development, 2013, 50(5): 932-941.

Citation:

Bao Yibao, Yin Lihua, Fang Binxing, Guo Li. Logic-Based Dynamical Security Policy Language and Verification[J]. Journal of Computer Research and Development, 2013, 50(5): 932-941.

Citation:

Bao Yibao, Yin Lihua, Fang Binxing, Guo Li. Logic-Based Dynamical Security Policy Language and Verification[J]. Journal of Computer Research and Development, 2013, 50(5): 932-941.

PDF (2003 KB)

Logic-Based Dynamical Security Policy Language and Verification

1(Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190) 2(Institute of Electronic Technology, Information Engineering University of PLA, Zhengzhou 450004)

More Information

Published Date: May 14, 2013

Graphical Abstract

Abstract

Abstract

Expression, query evaluation and verification are great significant to dynamical security policy management, but they are very difficult to solve at present. This paper proposes a logic system, called SSML, which can be used to declare, evaluate and verify dynamic security policy. Firstly, we propose the syntax and the semantic of SSML (simple state modifying logic) based on logic programming theory, which shows that an SSML security policy can dynamically insert facts into itself or delete facts from itself. Then, we prove that the query evaluation problem of logic systems based on SSML is undecidable in general, which shows that there is no general algorithm to be able to evaluate all SSML security policies. So we turn to research on its sub-languages, and find two types of SSML security policies with limited syntax-NDel security policies and TDel security policies, and they have decidable evaluation algorithms. We actually give their query evaluation algorithms-OLDTE and OLDTT. They are complete and sound, and have polynomial computation complexity. Eventually, we show how to use SSML to verify a security policy through an actual example. We claim that OLDTE and OLDTT can be widely used in security policy management and verification.
- SSML logic,
- dynamic security policy,
- security management,
- verification,
- dynamic decision,
- security analysis

FullText(HTML)

References (0)

[1]	Wu Jinjin, Liu Quan, Chen Song, Yan Yan. Averaged Weighted Double Deep Q-Network[J]. Journal of Computer Research and Development, 2020, 57(3): 576-589. DOI: 10.7544/issn1000-1239.2020.20190159
[2]	Zhu Fei, Wu Wen, Liu Quan, Fu Yuchen. A Deep Q-Network Method Based on Upper Confidence Bound Experience Sampling[J]. Journal of Computer Research and Development, 2018, 55(8): 1694-1705. DOI: 10.7544/issn1000-1239.2018.20180148
[3]	Yang Yatao, Zhang Yaze, Li Zichen, Zhang Fengjuan, Liu Boya. RAKA: New Authenticated Key Agreement Protocol Based on Ring-LWE[J]. Journal of Computer Research and Development, 2017, 54(10): 2187-2192. DOI: 10.7544/issn1000-1239.2017.20170477
[4]	Chen Junyu, Zhou Gang, Nan Yu, Zeng Qi. Semi-Supervised Local Expansion Method for Overlapping Community Detection[J]. Journal of Computer Research and Development, 2016, 53(6): 1376-1388. DOI: 10.7544/issn1000-1239.2016.20148339
[5]	He Xianmang, Chen Yindong, Li Dong, Hao Yanni. Study on Semi-Homogenous Algorithm Based on Ring Generalization[J]. Journal of Computer Research and Development, 2015, 52(10): 2382-2394. DOI: 10.7544/issn1000-1239.2015.20150494
[6]	Yang Shilai, Yang Yahui, Shen Qingni, and Huang Haizhen. A Method of Intrusion Detection Based on Semi-Supervised GHSOM[J]. Journal of Computer Research and Development, 2013, 50(11): 2375-2382.
[7]	Li Yufeng, Huang Shengjun, and Zhou Zhihua. Regularized Semi-Supervised Multi-Label Learning[J]. Journal of Computer Research and Development, 2012, 49(6): 1272-1278.
[8]	Liu Tao, He Yanxiang, Xiong Qi. A Q-Learning Based Real-Time Mitigating Mechanism against LDoS Attack and Its Modeling and Simulation with CPN[J]. Journal of Computer Research and Development, 2011, 48(3): 432-439.
[9]	Chen Shaozhen, Wang Wenqiang, Peng Shujuan. Efficient AttributeBased Ring Signature Schemes[J]. Journal of Computer Research and Development, 2010, 47(12).
[10]	Yang Jian, Wang Jue, Zhong Ning. Laplacian Semi-Supervised Regression on a Manifold[J]. Journal of Computer Research and Development, 2007, 44(7): 1121-1127.