Deriving Enforcement Mechanisms from Policies

Author

Janicke, Helge ; Cau, Antonio ; Siewe, François ; Zedan, Hussein

Author_Institution

De Montfort Univ., Leicester

fYear

2007

fDate

13-15 June 2007

Firstpage

161

Lastpage

172

Abstract

Policies provide a flexible and scalable approach to the management of distributed systems by separating the specification of security requirements and their enforcement Over the years the expressiveness of policy languages increased considerably making it possible to capture a variety of complex requirements that for example depend on the history of the system execution. The most important criteria for the successful operation of policy-managed systems is whether the deployed enforcement mechanisms can guarantee the compliance with the policies. With the expressiveness of policy languages this assurance is increasingly difficult to achieve. In this paper we therefore address the development of enforcement mechanisms from a theoretical perspective and show how enforcement code can be formally derived for compositional, history-dependent policies that can change dynamically over time or on the occurrence of events.

Keywords

distributed processing; security of data; distributed systems management; enforcement mechanisms; policy languages; policy-managed systems; security requirements specification; system execution; Access control; Concrete; History; Information analysis; Information security; Laboratories; Large-scale systems; Research and development management; Resource management; Technology management;

fLanguage

English

Publisher

ieee

Conference_Titel

Policies for Distributed Systems and Networks, 2007. POLICY '07. Eighth IEEE International Workshop on

Conference_Location

Bologna

Print_ISBN

0-7695-2767-1

Type

conf

DOI

10.1109/POLICY.2007.15

Filename

4262583