Luay A. Wahsheh
Ph.D. Dissertation Defense

Security Policy Design and Implementation in High Assurance Computer Systems

Major Professor: Dr. Jim Alves-Foss
Friday, March 28, 2008, 1:00 pm, MRCI Conference Room (BEL 328)
Abstract: One fundamental key to successful implementation of secure high assurance computer systems is the design and implementation of security policies. For distributed systems enforcing multiple concurrent policies, the design of correct implementation mechanisms is a challenging and difficult task. To simplify this task, my dissertation presents a formal security policy framework that will increase the overall security in high assurance computer systems. The framework includes a security policy that defines rules that regulate information access, a security model that provides a representation of the policy which enables reasoning about the system, and a security enforcement mechanism that applies the actions imposed by the policy and stated in the model. The framework consists of five interrelated phases: policy specification, policy integration, policy verification, policy validation, and policy implementation. Multiple independent policies are specified as formulas that describe relationships between sets of entities based on predicate logic with a solid mathematical foundation. These multiple policies are then integrated into a single system policy by applying an inter-enclave multi-policy classification paradigm for information access. Then, a resolution theorem prover is used to verify system correctness with respect to policies in their life-cycle stages. A graph-based visualization tool is then used to validate policies and provide system security managers with a process that enables policy reviews and visualizes interactions between the system's entities. Finally, a policy implementation model is developed to securely control information access.
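The specification, integration and verification phases sketched in the abstract, as an added illustration that is not part of the dissertation: two enclave policies are written as predicates over finite sets of entities, combined into one system policy, and checked against a "no read up" property. The entities, the levels, the two enclave policies and the integration rule (both enclaves' policies must permit the access, plus a system-wide classification check) are constructed assumptions, and exhaustive checking over the finite model stands in for the resolution theorem prover the abstract describes.

```python
from itertools import product

# Constructed sample model (not from the dissertation): each entity is tagged
# with its enclave and a classification level.
LEVELS = {"unclassified": 0, "secret": 1, "top_secret": 2}
SUBJECTS = {"alice": ("A", "secret"), "bob": ("B", "unclassified")}
OBJECTS = {"memo": ("A", "top_secret"), "plan": ("B", "secret")}
ACTIONS = ("read", "write")

def dominates(subject, obj):
    """Predicate: the subject's clearance is at least the object's level."""
    return LEVELS[SUBJECTS[subject][1]] >= LEVELS[OBJECTS[obj][1]]

def same_enclave(subject, obj):
    return SUBJECTS[subject][0] == OBJECTS[obj][0]

# Enclave A's policy (assumed): reads obey "no read up", writes stay in-enclave.
def policy_a(subject, obj, action):
    if action == "read":
        return dominates(subject, obj)
    return same_enclave(subject, obj)

# Enclave B's policy (assumed, deliberately weaker): any member of the enclave
# may access any of its own objects regardless of level.
def policy_b(subject, obj, action):
    return same_enclave(subject, obj)

ENCLAVE_POLICY = {"A": policy_a, "B": policy_b}

# Integration step (assumed rule, not the dissertation's paradigm): an access is
# allowed only if the policies of both the subject's and the object's enclave
# allow it, and a system-wide classification constraint on reads also holds.
def system_policy(subject, obj, action):
    enclaves = {SUBJECTS[subject][0], OBJECTS[obj][0]}
    local_ok = all(ENCLAVE_POLICY[e](subject, obj, action) for e in enclaves)
    global_ok = dominates(subject, obj) if action == "read" else True
    return local_ok and global_ok

# Verification step: exhaustively check a property over the finite model
# (standing in for the resolution prover) and return every counterexample.
def counterexamples(policy, prop):
    return [(s, o, a) for s, o, a in product(SUBJECTS, OBJECTS, ACTIONS)
            if policy(s, o, a) and not prop(s, o, a)]

def no_read_up(subject, obj, action):
    return action != "read" or dominates(subject, obj)

if __name__ == "__main__":
    print("policy_b alone:", counterexamples(policy_b, no_read_up))
    print("system policy :", counterexamples(system_policy, no_read_up))
```

Run on its own, the weaker enclave policy yields two read-up counterexamples while the integrated system policy yields none, which is the kind of life-cycle check the verification phase is meant to provide.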