Formal security models have significantly improved the understanding of systems security. They have influenced the way security policies are specified and analyzed, and they provide a sound foundation for a security policy's implementation. While their merits are many, designing security policies is not an easy task, and their use in real-life systems is still far from everyday practice. This project develops WorSE, a security policy engineering workbench to support the development, analysis and implementation of systems with sophisticated security requirements, integrating tools for model-based design, specification and analysis of security policies.
Scalable multi-policy TCBs

The goal of our work in this project is a precise identification of the minimum functionality of a TCB. The idea is to replace today's functionally powerful and complex TCBs with policy-specific, functionally scalable TCBs whose size and complexity are minimal with respect to the security policies to be enforced. Such minimal TCBs then provide an excellent basis for effective, efficient, and robust implementations of the security properties of IT systems.
Heuristics-based Model Analysis

Formal security models are often used to prove concrete security properties. However, when security models of real-world scenarios are the subject of analysis, conventional analysis algorithms often run into the limits of decidability, so they are usually of little help here. This project investigates the suitability of heuristic methods for the safety analysis of security models.
Parallelization of HRU safety analysis algorithms

Heuristic methods for the safety analysis of security models counter the decidability problem, but they can only mitigate the fundamental problem of high analysis complexity. This project investigates the parallelizability of heuristic safety analysis algorithms for security models.
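To make concrete what the safety analysis in the two projects above decides, here is an added example that is not code from these projects: a constructed HRU model (subjects, object, rights and the three commands are all assumed for illustration) and a bounded breadth-first search that asks whether a given right can ever be entered into a given cell of the access matrix. With a fixed subject set and no create commands the search is exhaustive; in the general HRU model with creation the state space is unbounded, which is where the heuristics and their parallelization come in.

```python
from collections import deque
from itertools import product

# Constructed toy HRU model: finite subjects, one object, no create operations.
# The protection state (access matrix) is a frozenset of (subject, object, right).
SUBJECTS = ("alice", "bob", "carol")
OBJECTS = ("doc",)
INITIAL = {("alice", "doc", "own"), ("bob", "doc", "delegate")}

# HRU commands: for bound parameters (s, t, o) each returns (conditions, effects);
# conditions are triples that must already hold, effects are triples entered.
def cmd_grant_read(s, t, o):
    return [(s, o, "own")], [(t, o, "read")]

def cmd_grant_own(s, t, o):  # an owner may make an existing reader a co-owner
    return [(s, o, "own"), (t, o, "read")], [(t, o, "own")]

def cmd_grant_write(s, t, o):  # only a subject with 'own' and 'delegate' hands out 'write'
    return [(s, o, "own"), (s, o, "delegate")], [(t, o, "write")]

COMMANDS = (cmd_grant_read, cmd_grant_own, cmd_grant_write)

def successors(state):
    """Yield (command name, bound parameters, new state) for every enabled command."""
    for cmd, s, t, o in product(COMMANDS, SUBJECTS, SUBJECTS, OBJECTS):
        conds, effects = cmd(s, t, o)
        new = state | frozenset(effects)
        if all(c in state for c in conds) and new != state:
            yield cmd.__name__, (s, t, o), new

def safety_analysis(initial, target, max_depth=10):
    """Breadth-first search over reachable protection states. Returns (trace, explored):
    the shortest command sequence that enters `target` (None if none within max_depth)
    and the number of distinct states visited."""
    start = frozenset(initial)
    seen, queue = {start}, deque([(start, [])])
    while queue:
        state, trace = queue.popleft()
        if target in state:
            return trace, len(seen)
        if len(trace) >= max_depth:
            continue
        for name, args, new in successors(state):
            if new not in seen:
                seen.add(new)
                queue.append((new, trace + [(name, args)]))
    return None, len(seen)
```

Calling `safety_analysis(INITIAL, ("carol", "doc", "write"))` returns the three-step trace through which 'write' leaks to carol, while `("alice", "doc", "delegate")` is reported unreachable because no command ever enters that right.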