rc: document/root.tex@dd1499f296ea (annotated)

2 301f567e2a8e add document chunhan parents: diff changeset	1	%\documentclass[10pt, conference, compsocconf]{IEEEtran}
301f567e2a8e add document chunhan parents: diff changeset	2	\documentclass[runningheads]{llncs}
301f567e2a8e add document chunhan parents: diff changeset	3	\usepackage{mathpartir}
301f567e2a8e add document chunhan parents: diff changeset	4	\usepackage{isabelle,isabellesym}
301f567e2a8e add document chunhan parents: diff changeset	5	\usepackage{amsmath}
301f567e2a8e add document chunhan parents: diff changeset	6	\usepackage{amssymb}
301f567e2a8e add document chunhan parents: diff changeset	7	\usepackage{times}
301f567e2a8e add document chunhan parents: diff changeset	8	\usepackage{tikz}
301f567e2a8e add document chunhan parents: diff changeset	9	\usepackage{pgf}
301f567e2a8e add document chunhan parents: diff changeset	10	\usepackage{color}
301f567e2a8e add document chunhan parents: diff changeset	11	\usepackage{graphicx}
301f567e2a8e add document chunhan parents: diff changeset	12
301f567e2a8e add document chunhan parents: diff changeset	13	% further packages required for unusual symbols (see also
301f567e2a8e add document chunhan parents: diff changeset	14	% isabellesym.sty), use only when needed
301f567e2a8e add document chunhan parents: diff changeset	15
301f567e2a8e add document chunhan parents: diff changeset	16	%\usepackage{amssymb}
301f567e2a8e add document chunhan parents: diff changeset	17	%for \<leadsto>, \<box>, \<diamond>, \<sqsupset>, \<mho>, \<Join>,
301f567e2a8e add document chunhan parents: diff changeset	18	%\<lhd>, \<lesssim>, \<greatersim>, \<lessapprox>, \<greaterapprox>,
301f567e2a8e add document chunhan parents: diff changeset	19	%\<triangleq>, \<yen>, \<lozenge>
301f567e2a8e add document chunhan parents: diff changeset	20
301f567e2a8e add document chunhan parents: diff changeset	21	%\usepackage[greek,english]{babel}
301f567e2a8e add document chunhan parents: diff changeset	22	%option greek for \<euro>
301f567e2a8e add document chunhan parents: diff changeset	23	%option english (default language) for \<guillemotleft>, \<guillemotright>
301f567e2a8e add document chunhan parents: diff changeset	24
301f567e2a8e add document chunhan parents: diff changeset	25	%\usepackage[only,bigsqcap]{stmaryrd}
301f567e2a8e add document chunhan parents: diff changeset	26	%for \<Sqinter>
301f567e2a8e add document chunhan parents: diff changeset	27
301f567e2a8e add document chunhan parents: diff changeset	28	%\usepackage{eufrak}
301f567e2a8e add document chunhan parents: diff changeset	29	%for \<AA> ... \<ZZ>, \<aa> ... \<zz> (also included in amssymb)
301f567e2a8e add document chunhan parents: diff changeset	30
301f567e2a8e add document chunhan parents: diff changeset	31	%\usepackage{textcomp}
301f567e2a8e add document chunhan parents: diff changeset	32	%for \<onequarter>, \<onehalf>, \<threequarters>, \<degree>, \<cent>,
301f567e2a8e add document chunhan parents: diff changeset	33	%\<currency>
301f567e2a8e add document chunhan parents: diff changeset	34
301f567e2a8e add document chunhan parents: diff changeset	35	% this should be the last package used
301f567e2a8e add document chunhan parents: diff changeset	36
301f567e2a8e add document chunhan parents: diff changeset	37	\usepackage{pdfsetup}
301f567e2a8e add document chunhan parents: diff changeset	38
301f567e2a8e add document chunhan parents: diff changeset	39	% urls in roman style, theory text in math-similar italics
301f567e2a8e add document chunhan parents: diff changeset	40	\urlstyle{rm}
301f567e2a8e add document chunhan parents: diff changeset	41	\isabellestyle{it}
301f567e2a8e add document chunhan parents: diff changeset	42
301f567e2a8e add document chunhan parents: diff changeset	43	% for uniform font size
301f567e2a8e add document chunhan parents: diff changeset	44	\renewcommand{\isastyle}{\isastyleminor}
301f567e2a8e add document chunhan parents: diff changeset	45
301f567e2a8e add document chunhan parents: diff changeset	46	\def\dn{\,\stackrel{\mbox{\scriptsize def}}{=}\,}
301f567e2a8e add document chunhan parents: diff changeset	47	\renewcommand{\isasymequiv}{$\dn$}
301f567e2a8e add document chunhan parents: diff changeset	48	\renewcommand{\isasymemptyset}{$\varnothing$}
301f567e2a8e add document chunhan parents: diff changeset	49	\renewcommand{\isacharunderscore}{\mbox{$\_$}}
301f567e2a8e add document chunhan parents: diff changeset	50	\renewcommand{\isasymiota}{}
301f567e2a8e add document chunhan parents: diff changeset	51	\renewcommand{\isasymtau}{s}
301f567e2a8e add document chunhan parents: diff changeset	52
301f567e2a8e add document chunhan parents: diff changeset	53	\renewcommand{\dagger}{\bullet}
301f567e2a8e add document chunhan parents: diff changeset	54
301f567e2a8e add document chunhan parents: diff changeset	55	\mprset{sep=0.9em}
301f567e2a8e add document chunhan parents: diff changeset	56	%%\mprset{center=false}
301f567e2a8e add document chunhan parents: diff changeset	57	\mprset{flushleft}
301f567e2a8e add document chunhan parents: diff changeset	58	\begin{document}
10 569222a42cf5 updated the paper for submission Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 5 diff changeset	59	%\pagestyle{empty}
2 301f567e2a8e add document chunhan parents: diff changeset	60
10 569222a42cf5 updated the paper for submission Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 5 diff changeset	61	%\noindent
569222a42cf5 updated the paper for submission Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 5 diff changeset	62	%The co-authors Xingyuan Zhang and Christian Urban attest that the student
569222a42cf5 updated the paper for submission Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 5 diff changeset	63	%Chunhan Wu did all the central
569222a42cf5 updated the paper for submission Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 5 diff changeset	64	%work concerning the paper.\bigskip\bigskip
2 301f567e2a8e add document chunhan parents: diff changeset	65
10 569222a42cf5 updated the paper for submission Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 5 diff changeset	66	%\includegraphics[scale=0.9]{xingyuan.jpg}\\
569222a42cf5 updated the paper for submission Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 5 diff changeset	67	%\noindent
569222a42cf5 updated the paper for submission Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 5 diff changeset	68	%Xingyuan Zhang
569222a42cf5 updated the paper for submission Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 5 diff changeset	69	%\bigskip\bigskip
2 301f567e2a8e add document chunhan parents: diff changeset	70
10 569222a42cf5 updated the paper for submission Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 5 diff changeset	71	%\mbox{}\hspace{-8mm}\includegraphics[scale=1.2]{christian.jpg}\\
569222a42cf5 updated the paper for submission Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 5 diff changeset	72	%\noindent
569222a42cf5 updated the paper for submission Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 5 diff changeset	73	%Christian Urban
2 301f567e2a8e add document chunhan parents: diff changeset	74
301f567e2a8e add document chunhan parents: diff changeset	75
301f567e2a8e add document chunhan parents: diff changeset	76	\newpage
301f567e2a8e add document chunhan parents: diff changeset	77
301f567e2a8e add document chunhan parents: diff changeset	78	\title{A Formal Model and Correctness Proof for an Access Control Policy Framework}
301f567e2a8e add document chunhan parents: diff changeset	79	\author{Chunhan Wu\inst{1,2} \and Xingyuan Zhang\inst{1} \and Christian Urban\inst{2}}
301f567e2a8e add document chunhan parents: diff changeset	80	\institute{PLA University of Science and Technology, China \and King's College London, UK}
301f567e2a8e add document chunhan parents: diff changeset	81
301f567e2a8e add document chunhan parents: diff changeset	82	%\author{\IEEEauthorblockN{Chunhan Wu\IEEEauthorrefmark{1}\IEEEauthorrefmark{2},
301f567e2a8e add document chunhan parents: diff changeset	83	%Xingyuan Zhang\IEEEauthorrefmark{1} and
301f567e2a8e add document chunhan parents: diff changeset	84	%Christian Urban\IEEEauthorrefmark{2}}
301f567e2a8e add document chunhan parents: diff changeset	85	%\IEEEauthorblockA{\IEEEauthorrefmark{1}PLA University of Science and Technology, Nanjing, China\\
301f567e2a8e add document chunhan parents: diff changeset	86	%Email: wuchunhan@gmail.com, xingyuanzhang@126.com}
301f567e2a8e add document chunhan parents: diff changeset	87	%\IEEEauthorblockA{\IEEEauthorrefmark{2}King's College London, London, UK\\
301f567e2a8e add document chunhan parents: diff changeset	88	%Email: christian.urban@kcl.ac.uk}
301f567e2a8e add document chunhan parents: diff changeset	89	%}
301f567e2a8e add document chunhan parents: diff changeset	90
301f567e2a8e add document chunhan parents: diff changeset	91	\maketitle
301f567e2a8e add document chunhan parents: diff changeset	92
301f567e2a8e add document chunhan parents: diff changeset	93
301f567e2a8e add document chunhan parents: diff changeset	94	\begin{abstract}
301f567e2a8e add document chunhan parents: diff changeset	95	If an access control policy promises that a resource is protected in a
301f567e2a8e add document chunhan parents: diff changeset	96	system, how do we know it is really protected? To give an answer we
301f567e2a8e add document chunhan parents: diff changeset	97	formalise in this paper the Role-Compatibility Model---a framework,
301f567e2a8e add document chunhan parents: diff changeset	98	introduced by Ott, in which access control policies can be
301f567e2a8e add document chunhan parents: diff changeset	99	expressed. We also give a dynamic model determining which security
301f567e2a8e add document chunhan parents: diff changeset	100	related events can happen while a system is running. We prove that if
301f567e2a8e add document chunhan parents: diff changeset	101	a policy in this framework ensures a resource is protected, then there
301f567e2a8e add document chunhan parents: diff changeset	102	is really no sequence of events that would compromise the security of
301f567e2a8e add document chunhan parents: diff changeset	103	this resource. We also prove the opposite: if a policy does not
301f567e2a8e add document chunhan parents: diff changeset	104	prevent a security compromise of a resource, then there is a sequence
301f567e2a8e add document chunhan parents: diff changeset	105	of events that will compromise it. Consequently, a static policy
301f567e2a8e add document chunhan parents: diff changeset	106	check is sufficient (sound and complete) in order to guarantee or
301f567e2a8e add document chunhan parents: diff changeset	107	expose the security of resources before running the system. Our
5 8a6e12a9800d updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 2 diff changeset	108	formal model and correctness proof are mechanised in the
2 301f567e2a8e add document chunhan parents: diff changeset	109	Isabelle/HOL theorem prover using Paulson's inductive method for
301f567e2a8e add document chunhan parents: diff changeset	110	reasoning about valid sequences of events. Our results apply to the
301f567e2a8e add document chunhan parents: diff changeset	111	Role-Compatibility Model, but can be readily adapted to other
301f567e2a8e add document chunhan parents: diff changeset	112	role-based access control models.
301f567e2a8e add document chunhan parents: diff changeset	113	\end{abstract}
301f567e2a8e add document chunhan parents: diff changeset	114
301f567e2a8e add document chunhan parents: diff changeset	115	%\begin{IEEEkeywords}
301f567e2a8e add document chunhan parents: diff changeset	116	%Security, Role-Based Access Control, Verification, Isabelle/HOL, Inductive Method
301f567e2a8e add document chunhan parents: diff changeset	117	%\end{IEEEkeywords}
301f567e2a8e add document chunhan parents: diff changeset	118
301f567e2a8e add document chunhan parents: diff changeset	119
301f567e2a8e add document chunhan parents: diff changeset	120	%\IEEEpeerreviewmaketitle
301f567e2a8e add document chunhan parents: diff changeset	121
301f567e2a8e add document chunhan parents: diff changeset	122
301f567e2a8e add document chunhan parents: diff changeset	123	%\tableofcontents
301f567e2a8e add document chunhan parents: diff changeset	124
301f567e2a8e add document chunhan parents: diff changeset	125	% sane default for proof documents
301f567e2a8e add document chunhan parents: diff changeset	126	%\parindent 0pt\parskip 0.5ex
301f567e2a8e add document chunhan parents: diff changeset	127
301f567e2a8e add document chunhan parents: diff changeset	128
301f567e2a8e add document chunhan parents: diff changeset	129
301f567e2a8e add document chunhan parents: diff changeset	130
301f567e2a8e add document chunhan parents: diff changeset	131
301f567e2a8e add document chunhan parents: diff changeset	132
301f567e2a8e add document chunhan parents: diff changeset	133	% generated text of all theories
301f567e2a8e add document chunhan parents: diff changeset	134	\input{session}
301f567e2a8e add document chunhan parents: diff changeset	135
301f567e2a8e add document chunhan parents: diff changeset	136	% optional bibliography
301f567e2a8e add document chunhan parents: diff changeset	137	\bibliographystyle{abbrv}
301f567e2a8e add document chunhan parents: diff changeset	138	\bibliography{root}
301f567e2a8e add document chunhan parents: diff changeset	139
301f567e2a8e add document chunhan parents: diff changeset	140	\end{document}
301f567e2a8e add document chunhan parents: diff changeset	141
301f567e2a8e add document chunhan parents: diff changeset	142	%%% Local Variables:
301f567e2a8e add document chunhan parents: diff changeset	143	%%% mode: latex
301f567e2a8e add document chunhan parents: diff changeset	144	%%% TeX-master: t
301f567e2a8e add document chunhan parents: diff changeset	145	%%% End:

author	Christian Urban <christian dot urban at kcl dot ac dot uk>
	Fri, 06 Sep 2013 12:55:12 +0100
changeset 13	dd1499f296ea
parent 10	569222a42cf5
permissions	-rw-r--r--