A policy-based methodology for security evaluation: A Security Metric for Public Key Infrastructures

The security of complex infrastructures depends on many technical and organizational issues that need to be properly addressed by a security policy. For the purposes of our discussion, we define a security policy as a document that states what is and what is not allowed in a system during normal operation; it consists of a set of rules that may be expressed in a formal, semi-formal or very informal language. In many contexts, a system can be considered secure and trustworthy if the policy enforced by its security administrator is trustworthy too; from this standpoint it is possible to evaluate the security of the system by evaluating its policy. In this paper we present a policy-based methodology to formalize and compare policies, and a Security Metric to evaluate the security level that a system is able to grant. All the steps of the methodology are illustrated with an operative approach, by applying it directly to a real case study: the semi-automated Cross Certification among Public Key Infrastructures.
