Return to search

Modelling multi-layered network and security architectures using mathematical logic

Complex systems, be they natural or synthetic, are ubiquitous. In particular, complex networks of devices and services underpin most of society's operations. By their very nature, such systems are di cult to conceptualize and reason about e ectively. One seemingly natural notion, which helps to manage complexity and which is commonly found in discussions of complex systems, is that of layering: the system is considered to consist of a collection of interconnected layers that have distinct, identi able roles in the overall operations of the system. Noting that graphs are a key formalism in the description of complex systems, this thesis establishes a notion of a layered graph. A logical characterization of this notion of layering using a non-associative, non-commutative substructural, sepa- rating logic is provided. In addition, soundness and completeness results for a class of algebraic models that includes layered graphs are provided, which give a math- ematically substantial semantics to this very weak logic. Examples in information processing and security are used to show the applicability of the logic. The examples given use an informal notion of action. The thesis also presents a discussion of a number of possible languages that could be used to provide a dynamic extension of the logic. The key components of each language are identi ed and the semantics that would be required in the case of a full, theoretical, development are presented. Examples, mainly in access control, are used to illustrate situations where each extension could be applied. The logic is then used to describe a uniform logical framework for reasoning compositionally about access control policy models. The approach takes account of the underlying system architecture, and so provides a way to identify and reason about how vulnerabilities may arise (and be removed) as a result of the architecture of the system. The logic is then used to describe a uniform logical framework for reasoning compositionally about access control policy models. The approach takes account of the underlying system architecture, and so provides a way to identify and reason about how vulnerabilities may arise (and be removed) as a result of the architecture of the system. Using frame rules, it is also considered how local properties of access control policies are maintained as the system architecture evolves.

Identiferoai:union.ndltd.org:bl.uk/oai:ethos.bl.uk:619189
Date January 2014
CreatorsMcDonald, Kevin
PublisherUniversity of Aberdeen
Source SetsEthos UK
Detected LanguageEnglish
TypeElectronic Thesis or Dissertation
Sourcehttp://digitool.abdn.ac.uk:80/webclient/DeliveryManager?pid=214154

Page generated in 0.0056 seconds