Article ID: 6884045
Journal: Computers & Security
Published Year: 2018
Pages: 35 Pages
File Type: PDF
Abstract
This paper proposes a formal framework for automatic security policy enforcement in computer systems. In this approach, systems and their interactions are formally modeled as process algebra expressions in a new dedicated calculus inspired by the ambient calculus. Security policies are specified with the aid of a dedicated modal logic. We demonstrate how, for a given security policy expressed as a logical formula, our calculus allows us to verify whether the specification meets the security policy requirements. If it does not, the optimal enforcement for the system is automatically generated using our enforcement operator. A software prototype has been implemented to show the practical feasibility and the effectiveness of our security policy enforcement framework.
Related Topics
Physical Sciences and Engineering Computer Science Computer Networks and Communications