• a procedure to synthesize an automata-based implementation of a security policy;
• an automata-based method to:
◦ verify if a security policy is complete;
◦ verify if a security policy contains anomalies;
◦ detect functional discrepancies between several implementations of a security policy.
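The three checks listed above, worked through on a deliberately small example. This is an added illustration, not the paper's own code or construction: it assumes packets abstracted to two-letter words (protocol, destination port) over constructed finite domains, first-match rule semantics, a tree-shaped deterministic acceptor as the "automaton", shadowing as the single anomaly considered, and a synchronous product that steps two policy automata on the same symbols to find words on which their decisions differ. All rules and domains are constructed sample data.

```python
"""Automata view of first-match filtering policies (added example, not the paper's code).

Assumptions: packets are abstracted to words (proto, port) over small constructed
domains; a policy is an ordered, first-match list of rules; the only anomaly
checked is shadowing; discrepancies are found by a synchronous product.
"""
from itertools import product

# Constructed finite domains: a packet is the two-letter word (proto, port).
PROTOS = ("tcp", "udp")
PORTS = (22, 80, 443)

# A rule is (proto_or_None, port_or_None, action); None is a wildcard.
POLICY_A = [
    ("tcp", 22, "deny"),
    ("tcp", None, "accept"),
    ("udp", 443, "accept"),   # nothing decides udp/22 or udp/80: incomplete
]
POLICY_B = [
    ("tcp", None, "accept"),
    ("tcp", 22, "deny"),      # fully covered by the rule before it: shadowed
    ("udp", None, "deny"),
]


def matches(rule, proto, port):
    rp, rport, _ = rule
    return (rp is None or rp == proto) and (rport is None or rport == port)


def decide(policy, proto, port):
    """First-match decision, or None when no rule applies."""
    for rule in policy:
        if matches(rule, proto, port):
            return rule[2]
    return None


def compile_automaton(policy):
    """Deterministic acceptor over words proto.port.

    States: 'q0' (start), ('p', proto) after the protocol symbol, and the
    action name as final state. A transition exists only where the policy
    actually decides, so a missing transition is a gap in the policy.
    """
    delta = {}
    for proto in PROTOS:
        delta[("q0", proto)] = ("p", proto)
        for port in PORTS:
            action = decide(policy, proto, port)
            if action is not None:
                delta[(("p", proto), port)] = action
    return delta


def run(delta, word):
    state = "q0"
    for sym in word:
        state = delta.get((state, sym))
        if state is None:
            return None
    return state


def incomplete_words(delta):
    """Completeness: every packet word must reach an action state."""
    return [w for w in product(PROTOS, PORTS) if run(delta, w) is None]


def shadowed_rules(policy):
    """Anomaly (shadowing): a rule that can never fire because every packet it
    matches is already matched by an earlier rule. Returns rule indices."""
    shadowed = []
    for i, rule in enumerate(policy):
        own = {w for w in product(PROTOS, PORTS) if matches(rule, *w)}
        earlier = {w for w in own if any(matches(r, *w) for r in policy[:i])}
        if own and own == earlier:
            shadowed.append(i)
    return shadowed


def discrepancies(delta_a, delta_b):
    """Synchronous product: drive both automata with the same symbols and
    report the words whose final states (decisions) differ."""
    diffs = []
    for w in product(PROTOS, PORTS):
        sa, sb = "q0", "q0"
        for sym in w:
            sa = delta_a.get((sa, sym))
            sb = delta_b.get((sb, sym))
        if sa != sb:
            diffs.append((w, sa, sb))
    return diffs


if __name__ == "__main__":
    auto_a, auto_b = compile_automaton(POLICY_A), compile_automaton(POLICY_B)
    print("policy A undecided words:", incomplete_words(auto_a))
    print("policy B shadowed rules:", shadowed_rules(POLICY_B))
    print("A vs B discrepancies:", discrepancies(auto_a, auto_b))
```

The domains are tiny so that every word can be enumerated; the point is the shape of each check: completeness is a missing transition, shadowing is a rule whose match set is contained in the union of its predecessors, and a discrepancy is a word on which the product automaton reaches two different final states.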
As future work, we propose to study the composition of our results with an initial specification of the system in order to obtain a secure system by construction.
We also intend to use our automata-based approach to pursue the following directions:
• study the space and time complexities of the various operations used in our approach, such as the synchronous product, verifying completeness, detecting anomalies, and detecting discrepancies;
• develop a general method to detect all categories of anomalies in a security policy;
• test the conformance of a security policy and verify whether it violates given requirements;
• design security policies that can adapt dynamically to the filtered traffic.