
Méthodes algébriques pour la formalisation et l'analyse de politiques de sécurité

Tony Bourdier
PAREO - Formal islands: foundations and applications, INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract: Designing and applying formal methods for specifying, analyzing and verifying software and systems is the main driving force behind the work presented in this manuscript. In this context, our activities fall into the category of formal methods within the wider community of software engineering. At the interface between theoretical and applied research, our aim is to contribute to the methods that ensure the correctness and safety of systems (security, reliability, ...) by developing or improving specification languages, techniques and tools that allow their formal analysis. To this end, in this thesis we set out to propose and study a formal framework allowing the specification of security policies and the verification of their properties. We first proposed a framework for specifying security policies based on a modular approach in which policies are seen as a composition of security models and configurations. We investigated the possibilities opened by such specifications when models are expressed by means of first-order constraints and configurations by means of logic programs. In particular, we proposed an algorithm that transforms a security policy expressed in a given model into an equivalent policy expressed in another model. Secondly, we suggested taking into account the dynamic aspects of policy configurations, which can be seen as states of the system to which the policy is applied, where each action is associated with a state-modification procedure. We proposed a simple formal language to specify systems and security policies separately, and then gave a semantics of specifications expressed in this framework in the form of rewriting systems. We then showed that the obtained rewriting systems allow the analysis of security properties. In the third part, we focused on mechanisms enforcing security policies in networks. In this context, we proposed a specification of firewalls and their compositions based on tree automata and rewriting systems, and then showed how these specifications allow us to analyze the underlying security policies automatically.
Cited literature: 150 references

https://tel.archives-ouvertes.fr/tel-00646401
Contributor: Tony Bourdier
Submitted on: Friday, December 16, 2011 - 10:32:33 AM
Last modification on: Monday, April 16, 2018 - 10:41:36 AM
Long-term archiving on: Monday, December 5, 2016 - 10:13:22 AM

Identifiers

  • HAL Id: tel-00646401, version 1

Citation

Tony Bourdier. Méthodes algébriques pour la formalisation et l'analyse de politiques de sécurité. Logique en informatique [cs.LO]. Université Henri Poincaré - Nancy I, 2011. Français. ⟨tel-00646401⟩

Metrics

Record views: 439
File downloads: 1837