Policy languages are used by automated verification approaches (e.g., model checking) to express softwares' security requirements (e.g., confidentiality, integrity, and availability). On the one hand, a policy language should be expressive enough to capture real-life requirements; on the other hand, it should be amenable to formal interpretation and reasoning to enable automated verification. As such, there are plenty of design choices of policy languages for software security.
In this seminar, we will consider recent research papers on how policy languages are designed and used to express software security requirements, and on how to verify programs against given policies in an automatic way.
Last modified on 12 June 2013.