To Support Customers in Easily and Affordably Obtaining the Latest Peer-Reviewed Research, Receive a 20% Discount on ALL Publications and Free Worldwide Shipping on Orders Over US$ 295
Additionally, Enjoy an Additional 5% Pre-Publication Discount on all Forthcoming Reference BooksBrowse Titles

Special Offers
- Receive Complimentary Electronic Access to the First, Second, Third, and Fourth Edition of the
  Encyclopedia of Information Science and Technology with the Purchase of the Fifth Edition
  For a limited time, receive the complimentary e-books for the first, second, third, and fourth editions with the purchase of the Encyclopedia of Information Science and Technology, Fifth Edition e-book*. Offer is only valid when purchasing the fifth edition’s hardcover + e-book or e-book only option directly through IGI Global’s Online Bookstore (www.igi-global.com/books) and is not intended for use by book distributors or wholesalers. Contact Customer Service, cust@igi-global.com, for details. Offer expires July 1, 2021.
  Learn More
  Receive a 50% Discount on All IGI Global Major Reference Works in Electronic Format through GOBI
  Until December 31, 2020, you can receive a 50% discount on all Major Reference Works (i.e. encyclopedias, handbooks of research, and research anthologies) in electronic format ordered on the IGI Global InfoSci platform through GOBI. This discount is only applicable on e-books ordered on GOBI through IGI Global's InfoSci platform and e-books are available for PDF and/or ePUB download, unlimited simultaneous users, and no DRM.
  Browse Titles
- IGI Global is Now Offering a 5% Pre-Publication Discount on
  All Reference Books Ordered Through IGI Global’s Online Bookstore*
  To support customers with accessing the latest research, IGI Global is offering a 5% pre-publication discount on all hardcover, softcover, e-books, and hardcover + e-books titles.
  *5% discount offer is eligible on hardcover, softcover, e-books, and hardcover + e-books titles and is automatically applied directly to the shopping cart. Discount offer only valid on purchases made directly through IGI Global’s Online Bookstore and offer expires 30 days after the publication’s release. This automatic discount is not intended for use by book distributors or wholesalers.
  Browse Titles
  Receive Free Shipping on Orders Over US$ 295.00
  Free shipping will be automatically applied to shopping cart orders over US$ 295.00 or more before tax, which can include a combination of print and non-shippable products (i.e. e-books, e-journals, and articles/chapters). It is only available when you order directly through IGI Global’s Online Bookstore and is only valid on standard U.S. and international shipping. There will be additional charges for express shipping and limitations may apply.
  Browse Titles
- Receive a 50% Discount on All Major Reference Works in Electronic Format
  IGI Global is offering a 50% discount on their Major Reference Works when customers order directly through the IGI Global Online Bookstore. This discount includes IGI Global's Handbooks of Research, Research Anthologies, and Encyclopedias, which are ideal for institutions looking for all-encompassing reference sources.Valid until December 31, 2020.
  View Titles
- Offering a 50% Discount on All Individual E-Journal 2021 Subscriptions
  To ensure that institutions can affordably acquire critical content, IGI Global is offering a 50% discount on all individual e-journal 2021 subscriptions through IGI Global’s Online Bookstore and preferred subscription agencies, including EBSCO Subscription Services, LM Information Delivery, Otto Harrassowitz, and more. Valid until December 31, 2020.
  Browse Journals
- Must-Have Resource! InfoSci-Knowledge Solutions Databases
  IGI Global is now offering a new collection of InfoSci-Knowledge Solutions databases, which allow institutions to affordably acquire a diverse, rich collection of peer-reviewed e-books and scholarly e-journals. Ideal for subject librarians, these databases span major subject areas including business, computer science, education, and social sciences.
  Learn More
- Create a Free IGI Global Library Account to Receive an Additional 5% Discount on All Purchases
  Exclusive benefits include one-click shopping, flexible payment options, free COUNTER 5 reports and MARC records, and a 5% discount on single all titles, as well as the award-winning InfoSci^®-Databases.
  Sign Up Now!
Books
Journals
- - Journals
  - Open Access Journals
InfoSci^®-Databases
Articles/Chapters
Publish with Us
Resources
- - Instructors
  - Course Adoption
  - Teaching Cases
  - K-12 Online Learning Collection
  - Authors and Editors
  - eEditorial Discovery^® System
  - Peer Review Process
  - Ethics and Malpractice
  - COPE Membership
  - Fair Use Policy
  - Open Access Publishing
  - Editorial Services
  - FAQ
Catalogs
About Us
Newsroom

Security Policy Specification

Jorge Bernal Bernabé (University of Murcia, Spain), Juan M. Marín Pérez (University of Murcia, Spain), Jose M. Alcaraz Calero (Cloud and Security Lab Hewlett-Packard Laboratories, UK), Jesús D. Jiménez Re (University of Murcia, Spain), Félix J.G. Clemente (University of Murcia, Spain), Gregorio Martínez Pérez (University of Murcia, Spain) and Antonio F.G. Skarmeta (University of Murcia, Spain)

Source Title: Network and Traffic Engineering in Emerging Distributed Computing Applications

DOI: 10.4018/978-1-4666-1888-6.ch004

OnDemand PDF Download:

Available

$37.50

Current Special Offers

No Current Special Offers

Abstract

Policy-based management of information systems enables the specification of high-level policies which need to be refined into lower level configurations suitable to be directly applied to services and final devices in order to achieve the high-level behavior previous specified. This chapter presents a proposal for describing high-level security policies and for carrying out the policy refinement process for which low level policies and configurations are achieved. Firstly, an analysis of different research works related to the specification of security policy is provided. Then, a detailed description of the information model used for describing the information systems and the policies is described. After that, the language designed for specifying high level security policies is explained as well as the low level language based on the Common Information Model. Finally, some aspect about the policy refinement process done in the policy-based system in order to achieve low-level policies from the high-level security policies is outlined together with a description of the tools which can assist in the definition of the security policies and in the process refinement process.

Chapter Preview

Top

Introduction

Information systems are incredibly growing nowadays becoming more and more complex to be administrated. Managing huge systems is a very complex problem and this issue has been focused in several research works during the last years proposing alternatives to tackle different aspects of system management. An approach is the management of systems based on policies. It enables the specification of high level business policies which are refined into low-level policies suitable to be directly applied into final devices to achieve the high-level behavior previous specified.

Security is a key aspect to be controlled in information systems and policy-based systems can help to control it. To this end, security policies can be described by administrators using a language designed for this purpose which enables the description of high level security policies. Researchers have proposed multiple approaches for policy specification that range from formal policy languages that a computer can directly process and interpret, to rule-based policy notation using an if-then-else format. The definition and the usage of high level policy languages ease the process of policy specification reducing significantly errors therein. In fact, high-level policies require less effort to be written and maintained since a lot of details are hidden to writers. Note that this kind of policies does not need training or deep knowledge to be used even by (maybe not so skilled) administrators. This is especially suitable in security field in which any specification error potentially may cause a security hole in the information system.

In the policy definition process, the task of a policy manager is to transform the business policies into implementable policies using a formal language for this purpose. To do so, the manager uses a high level policy language that assures that the representation of security policies will be unambiguous and verifiable. Moreover, other important requirements of any policy language are:

•
Clear and well defined semantics: The semantics of a policy language can be considered as well defined if the meaning of a policy written in this language is unambiguous at any time of its life-cycle.
•
Flexibility and extensibility: A policy language has to be flexible enough to allow new policy information to be expressed, and extensible enough to allow new semantics to be added in future versions of this language.
•
Independent of the administrative domain: where it will be used and, in particular, of manufacturers/providers of devices and services. A policy language is independent if a policy written in this language is independent of a specific deployment.
•
Readability: A policy language must be easy to understand when read by the administrator.
•
Amenable to combining: A policy language should include a way of grouping policies.

In addition, a policy language should facilitate the realization of functions related to policy framework. In this sense, other requirements are:

•
Access to policy information: A policy representation oriented to facilitate queries about policy information.
•
Conflict detection: A policy language which facilitates the process of conflict detection, either enabling a direct integration in conflict analysis tools, or having syntactic and semantics elements to facilitate the conflict analysis.
•
Policy distribution: The policy representation may support of multiple bindings that is to be possible to convey policy instances in a number of different protocols.
•
Policy refinement: A policy language may provide facilities or techniques to help in the policy translation process and to achieve policy and rules consistent at every level of abstraction.

Complete Chapter List

Search this Book:

Reset

MLA

APA

Chicago

Export Reference

Security Policy Specification

Abstract

Introduction

Complete Chapter List