Summary: A Model-Based Approach to Integrating Security Policies for Embedded Devices
Michael McDougall
mmcdouga@cis.upenn.edu
Rajeev Alur
alur@cis.upenn.edu
Carl A. Gunter
gunter@cis.upenn.edu
Department of Computer and Information Science
University of Pennsylvania
Philadelphia, PA, 19147, USA
ABSTRACT
Embedded devices like smart cards can now run multiple interacting
applications. A particular challenge in this domain is to
dynamically integrate diverse security policies. In this paper we
show how a framework based on a concise formal model lets us
securely customize a payment card equipped with a programmable
chip. We present policy automata, a formal model of computations
that grant or deny access to a resource. This model combines
defeasible logic with state machines, representing complex policies as