Volume 11, Number 5

Secure Descartes: A Security Extension to Descartes Specification Language


Venkata N Inukollu1 and Joseph E Urban2, 1Purdue University, USA, 2Arizona State University, USA


With increase in demand for the security aspects of software, every phase of the Software Development Life Cycle (SDLC) is experiencing major changes with respect to security. Security designers, developers, and testers are keen on improving various security aspects of a system. Specification of security requirements propagates to different phases of an SDLC and there exist different techniques and methodologies to specify security requirements. Business level security requirements are specified using policy specification languages. The current literature has specification languages that are domain based, web based, network based, syntax based, semantics based, predicate based, and protocol based. In this research effort, a generic secure policy prototype and components of the generic secure policy were defined using formal methods. The Descartes specification language, a formal executable specification language, has been developed to specify software systems. The development of a secure policy framework along with extended constructs of the Descartes specification language for specifying secure policies are some of the deliverables of this research effort. Concepts of secure policies were adopted from the SPromela, Ponder, and REI methodologies for secure policy specification, analysis, and design.


Policy language, Secure policy language, Formal methods, Descartes specification language, & SDLC.