Security policy refinement using data integration: a position paper.
File(s)safeconfig.pdf (135.05 KB)
Accepted version
Author(s)
Craven, Robert
Lobo, Jorge
Lupu, Emil
Russo, Alessandra
Sloman, Morris
Type
Conference Paper
Abstract
In spite of the wide adoption of policy-based approaches for security management, and many existing treatments of pol- icy verification and analysis, relatively little attention has been paid to policy refinement: the problem of deriving lower-level, runnable policies from higher-level policies, pol- icy goals, and specifications. In this paper we present our initial ideas on this task, using and adapting concepts from data integration. We take a view of policies as governing the performance of an action on a target by a subject, possibly with certain conditions. Transformation rules are applied to these components of a policy in a structured way, in order to translate the policy into more refined terms; the transfor- mation rules we use are similar to those of ‘global-as-view’ database schema mappings, or to extensions thereof. We illustrate our ideas with an example.
Editor(s)
Al-Shaer, Ehab
Gouda, Mohamed G
Lobo, Jorge
Narain, Sanjai
Wu, Felix
Date Issued
2009
Citation
SafeConfig, 2009, pp.25-28
ISBN
978-1-60558-778-3
Publisher
ACM
Start Page
25
End Page
28
Journal / Book Title
SafeConfig
Copyright Statement
© 2009 ACM. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in SafeConfig '09 Proceedings (Nov 2009) http://dx.doi.org/10.1145/1655062.1655068
Description
30.01.13 KB. Accepted version ok to add to Spiral. ACM policy
Identifier
http://dl.acm.org/citation.cfm?id=1655062
Publisher URL