Towards alignment of architectural domains in security policy specifications

V. Nunes Leal Franqueira, Pascal van Eck

    Research output: Book/ReportReportProfessional

    13 Downloads (Pure)

    Abstract

    Large organizations need to align the security architecture across three different domains: access control, network layout and physical infrastructure. Security policy specification formalisms are usually dedicated to only one or two of these domains. Consequently, more than one policy has to be maintained, leading to alignment problems. Approaches from the area of model-driven security enable creating graphical models that span all three domains, but these models do not scale well in real-world scenarios with hundreds of applications and thousands of user roles. In this paper, we demonstrate the feasibility of aligning all three domains in a single enforceable security policy expressed in a Prolog-based formalism by using the Law Governed Interaction (LGI) framework. Our approach alleviates the limitations of policy formalisms that are domain-specific while helping to reach scalability by automatic enforcement provided by LGI.
    Original languageUndefined
    Place of PublicationEnschede
    PublisherCentrum voor Telematica en Informatie Technologie
    Number of pages16
    Publication statusPublished - Jun 2006

    Publication series

    NameCTIT Technical Report Series
    PublisherCentre for Telematics and Information Technology, University of Twente
    No.06-31
    ISSN (Print)1381-3625

    Keywords

    • METIS-238636
    • EWI-2754
    • SCS-Services
    • IR-65613

    Cite this

    Nunes Leal Franqueira, V., & van Eck, P. (2006). Towards alignment of architectural domains in security policy specifications. (CTIT Technical Report Series; No. 06-31). Enschede: Centrum voor Telematica en Informatie Technologie.