@article {10.3844/ajassp.2008.1117.1126,
article_type = {journal},
title = {Security Policy Development: Towards a Life-Cycle and Logic-Based Verification Model},
author = {Wahsheh, Luay A. and Alves-Foss, Jim},
volume = {5},
year = {2008},
month = {Sep},
pages = {1117-1126},
doi = {10.3844/ajassp.2008.1117.1126},
url = {https://thescipub.com/abstract/ajassp.2008.1117.1126},
abstract = {Although security plays a major role in the design of software systems, security requirements and policies are usually added to an already existing system, not created in conjunction with the product. As a result, there are often numerous problems with the overall design. In this paper, we discuss the relationship between software engineering, security engineering, and policy engineering and present a security policy life-cycle; an engineering methodology to policy development in high assurance computer systems. The model provides system security managers with a procedural engineering process to develop security policies. We also present an executable Prolog-based model as a formal specification and knowledge representation method using a theorem prover to verify system correctness with respect to security policies in their life-cycle stages.},
journal = {American Journal of Applied Sciences},
publisher = {Science Publications}
}