research-article

Security policy refinement using data integration: a position paper

Authors:

Morris SlomanAuthors Info & Claims

SafeConfig '09: Proceedings of the 2nd ACM workshop on Assurable and usable security configuration

Pages 25 - 28

https://doi.org/10.1145/1655062.1655068

Published: 09 November 2009 Publication History

Get Access

Abstract

In spite of the wide adoption of policy-based approaches for security management, and many existing treatments of policy verification and analysis, relatively little attention has been paid to policy refinement: the problem of deriving lower-level, runnable policies from higher-level policies, policy goals, and specifications. In this paper we present our initial ideas on this task, using and adapting concepts from data integration. We take a view of policies as governing the performance of an action on a target by a subject, possibly with certain conditions. Transformation rules are applied to these components of a policy in a structured way, in order to translate the policy into more refined terms; the transformation rules we use are similar to those of `global-as-view' database schema mappings, or to extensions thereof. We illustrate our ideas with an example.

References

[1]

A. Bandara, S. Calo, R. Craven, J. Lobo, E. Lupu, J. Ma, A. Russo, and M. Sloman. An expressive policy analysis framework with enhanced system dynamicity. TR, Department of Computing, Imperial College London, 2008.

Google Scholar

[2]

C. Brodie, C.-M. Karat, and J. Karat. An empirical study of natural language parsing of privacy policy rules using the sparcle policy workbench. In L. F. Cranor, editor, SOUPS, volume 149 of ACM International Conference Proceeding Series, pages 8--19. ACM, 2006.

Digital Library

Google Scholar

[3]

R. Craven, J. Lobo, J. Ma, A. Russo, E. Lupu, A. Bandara, S. Calo, and M. Sloman. Expressive policy analysis with enhanced system dynamicity. In ASIACCS, pages 239--250. ACM, 2009.

Digital Library

Google Scholar

[4]

N. Damianou, N. Dulay, E. Lupu, and M. Sloman. The ponder policy specification language. In M. Sloman, J. Lobo, and E. Lupu, editors, POLICY, volume 1995 of LNCS, pages 18--38. Springer, 2001.

Digital Library

Google Scholar

[5]

O. M. Duschka and M. R. Genesereth. Query planning in infomaster. In SAC, pages 109--111, 1997.

Digital Library

Google Scholar

[6]

O. M. Duschka, M. R. Genesereth, and A. Y. Levy. Recursive query plans for data integration. J. Log. Program., 43(1):49--73, 2000.

Crossref

Google Scholar

[7]

A. J. I. Jones and M. J. Sergot. A formal characterisation of institutionalised power. Logic Journal of the IGPL, 4(3):427--443, 1996.

Crossref

Google Scholar

[8]

R. Kowalski and M. Sergot. A logic-based calculus of events. New Generation Computing, 4:67--95, 1986.

Digital Library

Google Scholar

[9]

A. Y. Levy, A. Rajaraman, and J. J. Ordille. Querying heterogeneous information sources using source descriptions. In T. M. Vijayaraman, A. P. Buchmann, C. Mohan, and N. L. Sarda, editors, VLDB, pages 251--262. Morgan Kaufmann, 1996.

Digital Library

Google Scholar

[10]

OASIS XACML TC. extensible access control markup language (XACML) v2.0, 2005.

Google Scholar

Cited By

View all

Masip-Bruin XMarín-Tordera ERuiz JJukan ATrakadas PCernivec ALioy ALópez DSantos HGonos ASilva ASoriano JKalogiannis G(2021)Cybersecurity in ICT Supply Chains: Key Challenges and a Relevant ArchitectureSensors10.3390/s2118605721:18(6057)Online publication date: 9-Sep-2021
https://doi.org/10.3390/s21186057
Pieters WDimkov TPavlovic D(2013)Security Policy Alignment: A Formal ApproachIEEE Systems Journal10.1109/JSYST.2012.22219337:2(275-287)Online publication date: Jun-2013
https://doi.org/10.1109/JSYST.2012.2221933
Craven RLobo JLupu ERusso ASloman MChemouil PMehaoua AFestor OLupu E(2011)Policy refinementProceedings of the 7th International Conference on Network and Services Management10.5555/2147671.2147690(115-123)Online publication date: 24-Oct-2011
https://dl.acm.org/doi/10.5555/2147671.2147690
Show More Cited By

Index Terms

Security policy refinement using data integration: a position paper
1. Social and professional topics
  1. Professional topics
    1. Management of computing and information systems

Recommendations

Security Policy Refinement: High-Level Specification to Low-Level Implementation
SOCIALCOM '13: Proceedings of the 2013 International Conference on Social Computing

Security and privacy policies are stated in the context of abstract concepts such as users/roles, objects and actions that relate to a specific level of abstraction in the system design. Refinement of the abstract design down to lower level ...
Integration of security policy into system modeling
B'07: Proceedings of the 7th international conference on Formal Specification and Development in B

We address the proof-based development of (system) models satisfying a security policy. The security policy is expressed in a model called OrBAC, which allows one to state permissions and prohibitions on actions and activities and belongs to the family ...
Security policy enforcement through refinement process
B'07: Proceedings of the 7th international conference on Formal Specification and Development in B

In the area of networks, a common method to enforce a security policy expressed in a high-level language is based on an ad-hoc and manual rewriting process [24]. We argue that it is possible to build a formal link between concrete and abstract terms, ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SafeConfig '09: Proceedings of the 2nd ACM workshop on Assurable and usable security configuration

November 2009

88 pages

ISBN:9781605587783

DOI:10.1145/1655062

General Chairs:
Ehab Al-Shaer
UNC Charlotte
,
Mohamed Gouda
UT Austin
,
Program Chairs:
Jorge Lobo
IBM T. J. Watson Research Center
,
Sanjai Narain
Telcordia
,
Felix Wu
UC Davis

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 09 November 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS '09

Sponsor:

SIGSAC

CCS '09: 16th ACM Conference on Computer and Communications Security 2009

November 9, 2009

Illinois, Chicago, USA

Acceptance Rates

Overall Acceptance Rate 22 of 61 submissions, 36%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
193
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)1

Reflects downloads up to 30 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Masip-Bruin XMarín-Tordera ERuiz JJukan ATrakadas PCernivec ALioy ALópez DSantos HGonos ASilva ASoriano JKalogiannis G(2021)Cybersecurity in ICT Supply Chains: Key Challenges and a Relevant ArchitectureSensors10.3390/s2118605721:18(6057)Online publication date: 9-Sep-2021
https://doi.org/10.3390/s21186057
Pieters WDimkov TPavlovic D(2013)Security Policy Alignment: A Formal ApproachIEEE Systems Journal10.1109/JSYST.2012.22219337:2(275-287)Online publication date: Jun-2013
https://doi.org/10.1109/JSYST.2012.2221933
Craven RLobo JLupu ERusso ASloman MChemouil PMehaoua AFestor OLupu E(2011)Policy refinementProceedings of the 7th International Conference on Network and Services Management10.5555/2147671.2147690(115-123)Online publication date: 24-Oct-2011
https://dl.acm.org/doi/10.5555/2147671.2147690
Zhao HLobo JRoy ABellovin S(2011)Policy refinement of network services for MANETs12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops10.1109/INM.2011.5990681(113-120)Online publication date: May-2011
https://doi.org/10.1109/INM.2011.5990681
Craven RLobo JLupu ERusso ASloman M(2010)Decomposition techniques for policy refinement2010 International Conference on Network and Service Management10.1109/CNSM.2010.5691331(72-79)Online publication date: Oct-2010
https://doi.org/10.1109/CNSM.2010.5691331

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Security Policy Refinement: High-Level Specification to Low-Level Implementation

Integration of security policy into system modeling

Security policy enforcement through refinement process