Reference from ESORICS proceedings

5th European Symposium on Research in Computer Security (ESORICS 98)

A Flexible Method for Information System Security Policy Specification

Rodolphe Ortalo

Keywords: security policy specification, information systems, deontic logic

Abstract: This paper presents a method for the specification of the security of information systems. The proposed approach provides a flexible and expressive specification method, corresponding to the specific needs of organizations. First, we outline the overall guidelines of the security policy definition process, and the different consistency issues associated with the description of the security requirements of an organization's information system. The specification language used is based on a convenient extension of deontic logic. The formalism and its extensions are then defined briefly. To illustrate the use of this formalism, the paper presents how the method applies to the description of the security requirements of a real organization: a medium-size bank agency.

(Pages 67-84)
