5th European Symposium on Research in Computer Security (ESORICS 98)
A Flexible Method for Information System Security Policy Specification
Rodolphe Ortalo
Keywords : security policy specification, information systems, deontic logic
Abstract : This paper presents a method for the specification of the security of information systems. The proposed approach provides a flexible and expressive specification method, corresponding to the specific needs of organizations. First, we outline the overall guidelines of the security policy definition process, and the different consistency issues associated to the description of the security requirements of an organization information system. The specification language used is based on a convenient extension of deontic logic. The formalism and its extensions are then defined briefly. To illustrate the use of this formalism, the paper presents how the method applies to the description of the security requirements of a real organization: a medium-size bank agency.
(Pages 67-84)