Abstract: In the present specification, a methodology for incremental security policy specification at varying levels of abstraction is disclosed. The method maintains strict equivalence with respect to authorization state and is based on the group-centric secure information sharing (g-SIS) domain, which is known in the art. A g-SIS authorization policy is specified statelessly, in that it focuses solely on specifying the precise conditions under which authorization can hold in the system while only considering the history of actions that have occurred. The policy supports join, leave, add, and remove operations, which may have either strict or liberal semantics. The stateful application policy is then specified using linear temporal logic. The stateful specification is authorization equivalent to the stateless specification, and may enforce well-formedness constraints.

Abstract: In the present specification, a methodology for incremental security policy specification at varying levels of abstraction is disclosed. The method maintains strict equivalence with respect to authorization state and is based on the group-centric secure information sharing (g-SIS) domain, which is known in the art. A g-SIS authorization policy is specified statelessly, in that it focuses solely on specifying the precise conditions under which authorization can hold in the system while only considering the history of actions that have occurred. The policy supports join, leave, add, and remove operations, which may have either strict or liberal semantics. The stateful application policy is then specified using linear temporal logic. The stateful specification is authorization equivalent to the stateless specification, and may enforce well-formedness constraints.