Security Policy Development: Towards a Life-Cycle and Logic-Based Verification Model
Abstract
Although security plays a major role in the design of software systems, security requirements and policies are usually added to an already existing system rather than created in conjunction with the product. As a result, there are often numerous problems with the overall design. In this paper, we discuss the relationship between software engineering, security engineering, and policy engineering and present a security policy life-cycle: an engineering methodology for policy development in high assurance computer systems. The model provides system security managers with a procedural engineering process for developing security policies. We also present an executable Prolog-based model as a formal specification and knowledge representation method, using a theorem prover to verify system correctness with respect to security policies at each stage of their life-cycle.
DOI: https://doi.org/10.3844/ajassp.2008.1117.1126
Copyright: © 2008 Luay A. Wahsheh and Jim Alves-Foss. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
Keywords
- logic
- policy engineering
- policy life-cycle
- policy verification