Title :
Deriving Enforcement Mechanisms from Policies
Author :
Janicke, Helge ; Cau, Antonio ; Siewe, François ; Zedan, Hussein
Author_Institution :
De Montfort Univ., Leicester
Abstract :
Policies provide a flexible and scalable approach to the management of distributed systems by separating the specification of security requirements and their enforcement Over the years the expressiveness of policy languages increased considerably making it possible to capture a variety of complex requirements that for example depend on the history of the system execution. The most important criteria for the successful operation of policy-managed systems is whether the deployed enforcement mechanisms can guarantee the compliance with the policies. With the expressiveness of policy languages this assurance is increasingly difficult to achieve. In this paper we therefore address the development of enforcement mechanisms from a theoretical perspective and show how enforcement code can be formally derived for compositional, history-dependent policies that can change dynamically over time or on the occurrence of events.
Keywords :
distributed processing; security of data; distributed systems management; enforcement mechanisms; policy languages; policy-managed systems; security requirements specification; system execution; Access control; Concrete; History; Information analysis; Information security; Laboratories; Large-scale systems; Research and development management; Resource management; Technology management;
Conference_Titel :
Policies for Distributed Systems and Networks, 2007. POLICY '07. Eighth IEEE International Workshop on
Conference_Location :
Bologna
Print_ISBN :
0-7695-2767-1
DOI :
10.1109/POLICY.2007.15
