Abstract
Security policies are rules aimed at protecting the resources of an organisation from the risks associated with computer usage. Designing, implementing and maintaining security policies are all error prone and time consuming. We report on a tool that helps managing the security policies of an organisation. Security policies are formalised using first-order logic with equality and the unique names assumption, closely following the security policy language suggested in [1]. The tool includes a link to an automated theorem prover, Otter [2], and to a model finder, Mace [2], used to formally verify a set of formal security policies. It also includes a GUI and a number of links to read information and security policies from organisation databases and access control lists.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Halpern, J.Y., Weissman, V.: Using first-order logic to reason about policies. In: Proceedings of the 16th IEEE Computer Security Foundations Workshop CSFW 2003, pp. 187–201. IEEE Computer Society, Los Alamitos (2003)
McCune, W.: Otter 2.0. In: Stickel, M.E. (ed.) CADE 1990. LNCS, vol. 449, pp. 663–664. Springer, Heidelberg (1990)
McCune, W.: Mace4 Reference Manual and Guide. The Computing Research Repository (CoRR) CS.SC/0310055 (2004)
Hoagland, J.A.: Specifying and enforcing policies using LaSCO, the language for security constraints on objects. The Computing Research Repository, CS.CR/0003066 (2000)
Iannella, R.: ODRL: The open digital rights language initiative. Technical report
Kangasluoma, M.: Policy Specification Languages. Department of Computer Science, Helsinki University of Technology (1999)
Krsul, I., Spafford, E., Tuglular, T.: A New Approach to the Specification of General Computer Security Policies. COAST Techical Report 97–13, West Lafayette, IN 47907–1398 (1998)
Davies, E.: Representation of Commonsense Knowledge. Courant Institute for Mathematical Sciences (1990)
Ryutov, T., Neuman, C.: Representation and evaluation of security policies for distributed system services. In: Proceedings of DARPA Information Survivability Conference and Exposition 2000 (DISCEX 2000), vol. 2, pp. 172–183 (2000)
Bhatti, R., Ghafoor, A., Bertino, E., Joshi, J.: X-GTRBAC: an XML-based policy specification framework and architecture for enterprise-wide access control. ACM Transactions on Information and System Security (TISSEC) 8(2), 187–227 (2005)
Ngamsuriyaroj, S., Keefe, T.F., Hurson, A.R.: Maintaining consistency of the security policy using timestamp ordering. In: Proceedings of the 2002 International Conference on Information Technology: Coding and Computing, pp. 164–170. IEEE Computer Society, Los Alamitos (2002)
Ngamsuriyaroj, S., Keefe, T.F., Hurson, A.R.: Maintaining consistency of the security policy in distributed environment. In: Proceedings of the 21st IEEE International Performance, Computing, and Communications Conference, pp. 179–186. IEEE Computer Society, Los Alamitos (2002)
Zanin, G., Mancini, L.V.: Security analysis: Towards a formal model for security policies specification and validation in the selinux system. In: Proceedings of the ninth ACM symposium on Access control models and technologies, pp. 126–135. ACM Press, New York (2004)
García, K., Monroy, R., Vázquez, J.: An Artificial Manager for Security Policies in Organizations. Journal of Research in Computing Science 17, 97–106 (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Álvarez, A.V., García, K.A., Monroy, R., Trejo, L.A., Vázquez, J. (2006). A Tool for Managing Security Policies in Organisations. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S. (eds) Advances in Information and Computer Security. IWSEC 2006. Lecture Notes in Computer Science, vol 4266. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11908739_27
Download citation
DOI: https://doi.org/10.1007/11908739_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-47699-3
Online ISBN: 978-3-540-47700-6
eBook Packages: Computer ScienceComputer Science (R0)