Verifying Security Policies using Host Attributes
This work addresses network security verification for end users, but it appears incremental as it builds on existing formal methods.
The paper tackled the problem of formally verifying network security policies by discovering and proving universal insights about security invariants, enabling secure auto-completion of host attribute configurations, with all results machine-verified using Isabelle/HOL.
For the formal verification of a network security policy, it is crucial to express the verification goals. These formal goals, called security invariants, should be easy to express for the end user. Focusing on access control and information flow security strategies, this work discovers and proves universal insights about security invariants. This enables secure and convenient auto-completion of host attribute configurations. We demonstrate our results in a civil aviation scenario. All results are machine-verified with the Isabelle/HOL theorem prover.