Towards alignment of architectural domains in security policy specifications

V. Nunes Leal Franqueira; Pascal van Eck

Towards alignment of architectural domains in security policy specifications

V. Nunes Leal Franqueira, Pascal van Eck

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

57 Downloads (Pure)

Abstract

Large organizations need to align the security architecture across three different domains: access control, network layout and physical infrastructure. Security policy specification formalisms are usually dedicated to only one or two of these domains. Consequently, more than one policy has to be maintained, leading to alignment problems. Approaches from the area of model-driven security enable creating graphical models that span all three domains, but these models do not scale well in real-world scenarios with hundreds of applications and thousands of user roles. In this paper, we demonstrate the feasibility of aligning all three domains in a single enforceable security policy expressed in a Prolog-based formalism by using the Law Governed Interaction (LGI) framework. Our approach alleviates the limitations of policy formalisms that are domain-specific while helping to reach scalability by automatic enforcement provided by LGI.

Original language	Undefined
Title of host publication	Proccedings of the 8th International Symposium on System and Information Security
Editors	J.M. Parente de Oliveira, C.B. Westphall, J.C. Brustoloni
Place of Publication	Brazil
Publisher	Fundacao Casimiro Montenegro Filho - CTA/ITA
Pages	-
Number of pages	9
ISBN (Print)	85-87978-13-6
Publication status	Published - 8 Nov 2006
Event	Proccedings of the 8th International Symposium on System and Information Security - Sao Jose dos Campos, Brazil Duration: 8 Nov 2006 → 10 Nov 2006

Publication series

Name
Publisher	Fundacao Casimiro Montenegro Filho - CTA/ITA
Number	2

Other

Other	Proccedings of the 8th International Symposium on System and Information Security
Period	8/11/06 → 10/11/06
Other	08-10 Nov 2006

Keywords

EWI-7542
SCS-Services
METIS-238229
IR-66512

Access to Document

Cite this

@inproceedings{998e0e6e1c7549e0bdbfda7cc85aa3cf,

title = "Towards alignment of architectural domains in security policy specifications",

abstract = "Large organizations need to align the security architecture across three different domains: access control, network layout and physical infrastructure. Security policy specification formalisms are usually dedicated to only one or two of these domains. Consequently, more than one policy has to be maintained, leading to alignment problems. Approaches from the area of model-driven security enable creating graphical models that span all three domains, but these models do not scale well in real-world scenarios with hundreds of applications and thousands of user roles. In this paper, we demonstrate the feasibility of aligning all three domains in a single enforceable security policy expressed in a Prolog-based formalism by using the Law Governed Interaction (LGI) framework. Our approach alleviates the limitations of policy formalisms that are domain-specific while helping to reach scalability by automatic enforcement provided by LGI.",

keywords = "EWI-7542, SCS-Services, METIS-238229, IR-66512",

author = "{Nunes Leal Franqueira}, V. and {van Eck}, Pascal",

year = "2006",

month = nov,

day = "8",

language = "Undefined",

isbn = "85-87978-13-6",

publisher = "Fundacao Casimiro Montenegro Filho - CTA/ITA",

number = "2",

pages = "--",

editor = "{Parente de Oliveira}, J.M. and C.B. Westphall and J.C. Brustoloni",

booktitle = "Proccedings of the 8th International Symposium on System and Information Security",

note = "Proccedings of the 8th International Symposium on System and Information Security ; Conference date: 08-11-2006 Through 10-11-2006",

}

Nunes Leal Franqueira, V & van Eck, P 2006, Towards alignment of architectural domains in security policy specifications. in JM Parente de Oliveira, CB Westphall & JC Brustoloni (eds), Proccedings of the 8th International Symposium on System and Information Security. Fundacao Casimiro Montenegro Filho - CTA/ITA, Brazil, pp. -, Proccedings of the 8th International Symposium on System and Information Security, 8/11/06.

Towards alignment of architectural domains in security policy specifications. / Nunes Leal Franqueira, V.; van Eck, Pascal.
Proccedings of the 8th International Symposium on System and Information Security. ed. / J.M. Parente de Oliveira; C.B. Westphall; J.C. Brustoloni. Brazil: Fundacao Casimiro Montenegro Filho - CTA/ITA, 2006. p. -.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Towards alignment of architectural domains in security policy specifications

AU - Nunes Leal Franqueira, V.

AU - van Eck, Pascal

PY - 2006/11/8

Y1 - 2006/11/8

N2 - Large organizations need to align the security architecture across three different domains: access control, network layout and physical infrastructure. Security policy specification formalisms are usually dedicated to only one or two of these domains. Consequently, more than one policy has to be maintained, leading to alignment problems. Approaches from the area of model-driven security enable creating graphical models that span all three domains, but these models do not scale well in real-world scenarios with hundreds of applications and thousands of user roles. In this paper, we demonstrate the feasibility of aligning all three domains in a single enforceable security policy expressed in a Prolog-based formalism by using the Law Governed Interaction (LGI) framework. Our approach alleviates the limitations of policy formalisms that are domain-specific while helping to reach scalability by automatic enforcement provided by LGI.

AB - Large organizations need to align the security architecture across three different domains: access control, network layout and physical infrastructure. Security policy specification formalisms are usually dedicated to only one or two of these domains. Consequently, more than one policy has to be maintained, leading to alignment problems. Approaches from the area of model-driven security enable creating graphical models that span all three domains, but these models do not scale well in real-world scenarios with hundreds of applications and thousands of user roles. In this paper, we demonstrate the feasibility of aligning all three domains in a single enforceable security policy expressed in a Prolog-based formalism by using the Law Governed Interaction (LGI) framework. Our approach alleviates the limitations of policy formalisms that are domain-specific while helping to reach scalability by automatic enforcement provided by LGI.

KW - EWI-7542

KW - SCS-Services

KW - METIS-238229

KW - IR-66512

M3 - Conference contribution

SN - 85-87978-13-6

SP - -

BT - Proccedings of the 8th International Symposium on System and Information Security

A2 - Parente de Oliveira, J.M.

A2 - Westphall, C.B.

A2 - Brustoloni, J.C.

PB - Fundacao Casimiro Montenegro Filho - CTA/ITA

CY - Brazil

T2 - Proccedings of the 8th International Symposium on System and Information Security

Y2 - 8 November 2006 through 10 November 2006

ER -