
Timed secure colored Petri net based analysis of information flow

French title: Analysis of Information Flow Using Timed Colored Petri Nets Extended for Security

Published in: Annales des Télécommunications

Abstract

We present in this paper a novel framework named Timed Secure Colored Petri Net (TSCPN) to carry out security verification in a formal and systematic manner. TSCPN is a security policy model that both expresses time constraints on information (availability) and specifies a wide range of information flow security requirements (through multilevel security policies such as Bell-LaPadula) in a decentralized way. We also propose a suitable analysis method to verify security properties by constructing and examining the state space of the constructed model. However, as timed models generally have infinite state spaces, applying this method requires contracting the state space into a finite graph (the state class graph) that preserves the properties of interest. From this graph it is possible to verify confidentiality and integrity, enforce information flow security, and specify temporal access control and information availability. By using this formal method, many security drawbacks can be eliminated in advance, during system design.

Summary (French abstract, translated)

We present in this article a new formalism, named Timed Secure Colored Petri Net (TSCPN), for verifying security in a formal and systematic manner. TSCPN is a security model for expressing time constraints on information (availability) as well as information flow principles by means of multilevel security policies (such as the Bell-LaPadula policy) in a decentralized environment. We also propose a suitable analysis method, based on constructing the state space of the model, to verify security properties. However, since timed models are generally infinite, analysing the TSCPN requires contracting the state space to transform it into a finite graph (state class graph) that preserves the properties to be verified. From this graph, it is possible to verify confidentiality and integrity, enforce information flow control, and express temporal access to information as well as its availability. Using this formal method helps eliminate several security risks in the early phases of design.



Additional information

Research supported by NSERC grant no. 238841-200.

Cite this article

Rakkay, H., Boucheneb, H. Timed secure colored Petri net based analysis of information flow. Ann. Télécommun. 61, 1314–1346 (2006). https://doi.org/10.1007/BF03219899
