Abstract
Policy-based management systems are now the object of sustained attention in network security theory and applications. Because of the complex structure of subject role hierarchies, target grouping, and mutual dependence of actions, security policy conflicts are difficult to detect and resolve. Moreover, an initially consistent policy ruleset may come to contain inconsistent or unenforceable rules during the system lifecycle. The paper presents the architecture of the Security Checker module (intended for detection and resolution of policy conflicts) and illustrates conflict detection based on event calculus.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Tishkov, A., Kotenko, I., Sidelnikova, E. (2005). Security Checker Architecture for Policy-Based Security Management. In: Gorodetsky, V., Kotenko, I., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2005. Lecture Notes in Computer Science, vol 3685. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11560326_40
DOI: https://doi.org/10.1007/11560326_40
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29113-8
Online ISBN: 978-3-540-31998-6
eBook Packages: Computer Science, Computer Science (R0)