论文信息 - Security policy refinement using data integration: a position paper

Security policy refinement using data integration: a position paper

In spite of the wide adoption of policy-based approaches for security management, and many existing treatments of policy verification and analysis, relatively little attention has been paid to policy refinement: the problem of deriving lower-level, runnable policies from higher-level policies, policy goals, and specifications. In this paper we present our initial ideas on this task, using and adapting concepts from data integration. We take a view of policies as governing the performance of an action on a target by a subject, possibly with certain conditions. Transformation rules are applied to these components of a policy in a structured way, in order to translate the policy into more refined terms; the transformation rules we use are similar to those of `global-as-view' database schema mappings, or to extensions thereof. We illustrate our ideas with an example.

Jorge Lobo | Alessandra Russo | Emil C. Lupu | Robert Craven | Morris Sloman

[1] Marek J. Sergot,et al. A logic-based calculus of events , 1989, New Generation Computing.

[2] Joann J. Ordille,et al. Querying Heterogeneous Information Sources Using Source Descriptions , 1996, VLDB.

[3] Clare-Marie Karat,et al. An empirical study of natural language parsing of privacy policy rules using the SPARCLE policy workbench , 2006, SOUPS '06.

[4] Andreas Matheus,et al. How to Declare Access Control Policies for XML Structured Information Objects using OASIS' eXtensible Access Control Markup Language (XACML) , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.

[5] Jorge Lobo,et al. Expressive policy analysis with enhanced system dynamicity , 2009, ASIACCS '09.

[6] Alon Y. Halevy,et al. Recursive Query Plans for Data Integration , 2000, J. Log. Program..

[7] Emil C. Lupu,et al. The Ponder Policy Specification Language , 2001, POLICY.

[8] Michael R. Genesereth,et al. Query planning in infomaster , 1997, SAC '97.

[9] Marek J. Sergot,et al. A Formal Characterisation of Institutionalised Power , 1996, Log. J. IGPL.