Towards alignment of architectural domains in security policy specifications

V. Nunes Leal Franqueira, Pascal van Eck

Research output: Book/ReportReportProfessional

11 Downloads (Pure)

Abstract

Large organizations need to align the security architecture across three different domains: access control, network layout and physical infrastructure. Security policy specification formalisms are usually dedicated to only one or two of these domains. Consequently, more than one policy has to be maintained, leading to alignment problems. Approaches from the area of model-driven security enable creating graphical models that span all three domains, but these models do not scale well in real-world scenarios with hundreds of applications and thousands of user roles. In this paper, we demonstrate the feasibility of aligning all three domains in a single enforceable security policy expressed in a Prolog-based formalism by using the Law Governed Interaction (LGI) framework. Our approach alleviates the limitations of policy formalisms that are domain-specific while helping to reach scalability by automatic enforcement provided by LGI.
Original languageUndefined
Place of PublicationEnschede
PublisherCentrum voor Telematica en Informatie Technologie
Number of pages16
Publication statusPublished - Jun 2006

Publication series

NameCTIT Technical Report Series
PublisherCentre for Telematics and Information Technology, University of Twente
No.06-31
ISSN (Print)1381-3625

Keywords

  • METIS-238636
  • EWI-2754
  • SCS-Services
  • IR-65613

Cite this

Nunes Leal Franqueira, V., & van Eck, P. (2006). Towards alignment of architectural domains in security policy specifications. (CTIT Technical Report Series; No. 06-31). Enschede: Centrum voor Telematica en Informatie Technologie.
Nunes Leal Franqueira, V. ; van Eck, Pascal. / Towards alignment of architectural domains in security policy specifications. Enschede : Centrum voor Telematica en Informatie Technologie, 2006. 16 p. (CTIT Technical Report Series; 06-31).
@book{2572b86d89a14b169b1d3d0fcef49d5f,
title = "Towards alignment of architectural domains in security policy specifications",
abstract = "Large organizations need to align the security architecture across three different domains: access control, network layout and physical infrastructure. Security policy specification formalisms are usually dedicated to only one or two of these domains. Consequently, more than one policy has to be maintained, leading to alignment problems. Approaches from the area of model-driven security enable creating graphical models that span all three domains, but these models do not scale well in real-world scenarios with hundreds of applications and thousands of user roles. In this paper, we demonstrate the feasibility of aligning all three domains in a single enforceable security policy expressed in a Prolog-based formalism by using the Law Governed Interaction (LGI) framework. Our approach alleviates the limitations of policy formalisms that are domain-specific while helping to reach scalability by automatic enforcement provided by LGI.",
keywords = "METIS-238636, EWI-2754, SCS-Services, IR-65613",
author = "{Nunes Leal Franqueira}, V. and {van Eck}, Pascal",
note = "http://eprints.ewi.utwente.nl/2754",
year = "2006",
month = "6",
language = "Undefined",
series = "CTIT Technical Report Series",
publisher = "Centrum voor Telematica en Informatie Technologie",
number = "06-31",

}

Nunes Leal Franqueira, V & van Eck, P 2006, Towards alignment of architectural domains in security policy specifications. CTIT Technical Report Series, no. 06-31, Centrum voor Telematica en Informatie Technologie, Enschede.

Towards alignment of architectural domains in security policy specifications. / Nunes Leal Franqueira, V.; van Eck, Pascal.

Enschede : Centrum voor Telematica en Informatie Technologie, 2006. 16 p. (CTIT Technical Report Series; No. 06-31).

Research output: Book/ReportReportProfessional

TY - BOOK

T1 - Towards alignment of architectural domains in security policy specifications

AU - Nunes Leal Franqueira, V.

AU - van Eck, Pascal

N1 - http://eprints.ewi.utwente.nl/2754

PY - 2006/6

Y1 - 2006/6

N2 - Large organizations need to align the security architecture across three different domains: access control, network layout and physical infrastructure. Security policy specification formalisms are usually dedicated to only one or two of these domains. Consequently, more than one policy has to be maintained, leading to alignment problems. Approaches from the area of model-driven security enable creating graphical models that span all three domains, but these models do not scale well in real-world scenarios with hundreds of applications and thousands of user roles. In this paper, we demonstrate the feasibility of aligning all three domains in a single enforceable security policy expressed in a Prolog-based formalism by using the Law Governed Interaction (LGI) framework. Our approach alleviates the limitations of policy formalisms that are domain-specific while helping to reach scalability by automatic enforcement provided by LGI.

AB - Large organizations need to align the security architecture across three different domains: access control, network layout and physical infrastructure. Security policy specification formalisms are usually dedicated to only one or two of these domains. Consequently, more than one policy has to be maintained, leading to alignment problems. Approaches from the area of model-driven security enable creating graphical models that span all three domains, but these models do not scale well in real-world scenarios with hundreds of applications and thousands of user roles. In this paper, we demonstrate the feasibility of aligning all three domains in a single enforceable security policy expressed in a Prolog-based formalism by using the Law Governed Interaction (LGI) framework. Our approach alleviates the limitations of policy formalisms that are domain-specific while helping to reach scalability by automatic enforcement provided by LGI.

KW - METIS-238636

KW - EWI-2754

KW - SCS-Services

KW - IR-65613

M3 - Report

T3 - CTIT Technical Report Series

BT - Towards alignment of architectural domains in security policy specifications

PB - Centrum voor Telematica en Informatie Technologie

CY - Enschede

ER -

Nunes Leal Franqueira V, van Eck P. Towards alignment of architectural domains in security policy specifications. Enschede: Centrum voor Telematica en Informatie Technologie, 2006. 16 p. (CTIT Technical Report Series; 06-31).