Security policies are rules that constrain the behaviour of a system. Different, largely unrelated sets of rules typically govern the physical and logical worlds. However, increased hardware and software mobility forces us to consider those rules in an integrated fashion. We present SPIN models of four case studies where mobility plays a role. In each case the model captures both the system of interest and its security policy. The model is then formally checked against a property that represents a principle from the problem domain. The model checking activity shows many examples of policies that are too weak to cope with mobility.
Pieter H. Hartel, Pascal van Eck, Sandro Etalle, R