Security level evaluation: policy and fuzzy techniques

In a world made of interconnected systems that manage huge amounts of confidential and shared data, security plays a significant role. Policies are the means by which security rules are defined and enforced. The ability to evaluate policies is becoming more and more relevant, especially with respect to the cooperation of services belonging to untrusted domains. Here we have focused our attention on public key infrastructures (PKIs); at the state of the art, security policy evaluation is expressed by means of security levels. However, policy evaluation must face uncertainty deriving from different perspectives, verbal judgments and lack of information. Fuzzy techniques and uncertainty reasoning can provide a meaningful way of dealing with these issues. We illustrate a fuzzy technique to evaluate the security level for a given policy against a set of reference policy levels.
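The following is an added illustration of the kind of evaluation the abstract describes; it is not the paper's own method. It maps a few PKI policy criteria (constructed for this example: key length, CA audit, revocation checking, physical security) onto scores in [0, 1], tolerating verbal judgments ("weak", "adequate", "strong") and missing information, aggregates them with a standard ordered weighted averaging (OWA) operator, and then reads the aggregate against three fuzzy reference levels ("low", "medium", "high"). The criteria, membership functions and weights are assumptions chosen for demonstration.

```python
"""Fuzzy evaluation of a PKI certificate policy against reference security
levels. Added example; the criteria, scorers, membership functions and OWA
weights below are constructed assumptions, not the paper's method."""

# Verbal judgments mapped to crisp scores in [0, 1] (constructed assumption).
VERBAL = {"weak": 0.2, "adequate": 0.5, "strong": 0.9}


def key_length_score(bits: int) -> float:
    """1024-bit keys score 0, 3072-bit and above score 1 (linear in between)."""
    return min(1.0, max(0.0, (bits - 1024) / 2048))


def verbal_score(term: str) -> float:
    """Translate a verbal judgment into a crisp score; unknown terms are errors."""
    return VERBAL[term.lower()]


# Criterion name -> scorer. Hypothetical criteria for the example.
CRITERIA = {
    "key_length_bits": key_length_score,
    "ca_audit": verbal_score,
    "revocation_checking": verbal_score,
    "physical_security": verbal_score,
}

# "And-like" OWA weights: the weakest criteria carry the most weight, so one
# poor control drags the aggregate down (constructed assumption).
ANDLIKE_WEIGHTS = [0.1, 0.2, 0.3, 0.4]


def criterion_scores(policy: dict) -> dict:
    """Score every criterion; a criterion the policy does not state is
    treated conservatively as 0 (lack of information is not a pass)."""
    return {
        name: (0.0 if policy.get(name) is None else scorer(policy[name]))
        for name, scorer in CRITERIA.items()
    }


def owa(values: list, weights: list) -> float:
    """Ordered weighted averaging: sort values descending, then take the
    weighted sum with the i-th weight applied to the i-th largest value."""
    if len(values) != len(weights) or abs(sum(weights) - 1.0) > 1e-9:
        raise ValueError("weights must match the value count and sum to 1")
    ordered = sorted(values, reverse=True)
    return sum(w * b for w, b in zip(weights, ordered))


def level_memberships(score: float) -> dict:
    """Membership of an aggregate score in three fuzzy reference levels:
    'low' is a left shoulder (1 at 0, 0 at 0.5), 'medium' a triangle
    centred on 0.5, 'high' a right shoulder (0 at 0.5, 1 at 1)."""
    s = min(1.0, max(0.0, score))
    return {
        "low": max(0.0, 1.0 - s / 0.5),
        "medium": max(0.0, 1.0 - abs(s - 0.5) / 0.5),
        "high": max(0.0, (s - 0.5) / 0.5),
    }


def evaluate(policy: dict, weights: list = ANDLIKE_WEIGHTS) -> dict:
    """Full pipeline: per-criterion scores -> OWA aggregate -> fuzzy level."""
    scores = criterion_scores(policy)
    aggregate = owa(list(scores.values()), weights)
    memberships = level_memberships(aggregate)
    level = max(memberships, key=memberships.get)
    return {
        "scores": scores,
        "aggregate": aggregate,
        "memberships": memberships,
        "level": level,
    }


# Constructed sample policies; physical security is unstated in the first.
POLICY_A = {"key_length_bits": 2048, "ca_audit": "adequate",
            "revocation_checking": "strong"}
POLICY_B = {"key_length_bits": 4096, "ca_audit": "strong",
            "revocation_checking": "strong", "physical_security": "strong"}

if __name__ == "__main__":
    for name, policy in (("A", POLICY_A), ("B", POLICY_B)):
        result = evaluate(policy)
        print(name, round(result["aggregate"], 2), result["level"],
              {k: round(v, 2) for k, v in result["memberships"].items()})
```

Policy A, with one criterion unstated and the rest only adequate to strong, lands at an aggregate of 0.34 and is classed "medium" (membership 0.68) rather than "high"; the and-like weights make the missing physical-security statement count heavily, which is the conservative reading of missing information. Policy B scores 0.91 and is "high" with membership 0.82. Swapping in "or-like" weights (largest weight on the best criterion) would give a far more lenient verdict for the same policy, so the weight vector is itself a policy decision worth documenting.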
