Skip to main content
SpringerLink
Log in

A Tool for Managing Security Policies in Organisations

  • Conference paper
Advances in Information and Computer Security (IWSEC 2006)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4266))

Included in the following conference series:

  • 691 Accesses

Abstract

Security policies are rules aimed at protecting the resources of an organisation from the risks associated with computer usage. Designing, implementing and maintaining security policies are all error prone and time consuming. We report on a tool that helps managing the security policies of an organisation. Security policies are formalised using first-order logic with equality and the unique names assumption, closely following the security policy language suggested in [1]. The tool includes a link to an automated theorem prover, Otter [2], and to a model finder, Mace [2], used to formally verify a set of formal security policies. It also includes a GUI and a number of links to read information and security policies from organisation databases and access control lists.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Halpern, J.Y., Weissman, V.: Using first-order logic to reason about policies. In: Proceedings of the 16th IEEE Computer Security Foundations Workshop CSFW 2003, pp. 187–201. IEEE Computer Society, Los Alamitos (2003)

    Chapter  Google Scholar 

  2. McCune, W.: Otter 2.0. In: Stickel, M.E. (ed.) CADE 1990. LNCS, vol. 449, pp. 663–664. Springer, Heidelberg (1990)

    Google Scholar 

  3. McCune, W.: Mace4 Reference Manual and Guide. The Computing Research Repository (CoRR) CS.SC/0310055 (2004)

    Google Scholar 

  4. Hoagland, J.A.: Specifying and enforcing policies using LaSCO, the language for security constraints on objects. The Computing Research Repository, CS.CR/0003066 (2000)

    Google Scholar 

  5. Iannella, R.: ODRL: The open digital rights language initiative. Technical report

    Google Scholar 

  6. Kangasluoma, M.: Policy Specification Languages. Department of Computer Science, Helsinki University of Technology (1999)

    Google Scholar 

  7. Krsul, I., Spafford, E., Tuglular, T.: A New Approach to the Specification of General Computer Security Policies. COAST Techical Report 97–13, West Lafayette, IN 47907–1398 (1998)

    Google Scholar 

  8. Davies, E.: Representation of Commonsense Knowledge. Courant Institute for Mathematical Sciences (1990)

    Google Scholar 

  9. Ryutov, T., Neuman, C.: Representation and evaluation of security policies for distributed system services. In: Proceedings of DARPA Information Survivability Conference and Exposition 2000 (DISCEX 2000), vol. 2, pp. 172–183 (2000)

    Google Scholar 

  10. Bhatti, R., Ghafoor, A., Bertino, E., Joshi, J.: X-GTRBAC: an XML-based policy specification framework and architecture for enterprise-wide access control. ACM Transactions on Information and System Security (TISSEC) 8(2), 187–227 (2005)

    Article  Google Scholar 

  11. Ngamsuriyaroj, S., Keefe, T.F., Hurson, A.R.: Maintaining consistency of the security policy using timestamp ordering. In: Proceedings of the 2002 International Conference on Information Technology: Coding and Computing, pp. 164–170. IEEE Computer Society, Los Alamitos (2002)

    Chapter  Google Scholar 

  12. Ngamsuriyaroj, S., Keefe, T.F., Hurson, A.R.: Maintaining consistency of the security policy in distributed environment. In: Proceedings of the 21st IEEE International Performance, Computing, and Communications Conference, pp. 179–186. IEEE Computer Society, Los Alamitos (2002)

    Google Scholar 

  13. Zanin, G., Mancini, L.V.: Security analysis: Towards a formal model for security policies specification and validation in the selinux system. In: Proceedings of the ninth ACM symposium on Access control models and technologies, pp. 126–135. ACM Press, New York (2004)

    Google Scholar 

  14. García, K., Monroy, R., Vázquez, J.: An Artificial Manager for Security Policies in Organizations. Journal of Research in Computing Science 17, 97–106 (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Tecnológico de Monterrey, Campus Estado de México, Km 3.5 Carretera al Lago de Guadalupe, Col. Margarita Maza de Juárez, Atizapán de Zaragoza, Estado de México, 52926, Mexico

    Anna V. Álvarez, Karen A. García, Raúl Monroy & Luis A. Trejo

  2. Banco de México, Avenida 5 de Mayo, Col. Centro, Del. Cuauhtémoc, México D.F., 06059, Mexico

    Jesús Vázquez

Authors
  1. Anna V. Álvarez
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Karen A. García
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Raúl Monroy
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Luis A. Trejo
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Jesús Vázquez
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Faculty of Electro-Communication, The University of Electro-Communications, 1-5-1, Chofugaoka, P.O. Box, 182-8585, Chofu, Japan

    Hiroshi Yoshiura

  2. Department of Computer Science, Communication Engineering, Kyushu University, 812-0053, Fukuoka, Japan

    Kouichi Sakurai

  3. Institute of Business Informatics, Goethe University Frankfurt, Frankfurt/Main, Germany

    Kai Rannenberg

  4. Faculty of Software and Information Science, Iwate Prefectural University, 152-52 Sugo, Takizawa, Takizawa-mura, 020-0193, Iwate, Japan

    Yuko Murayama

  5. Toshiba Corporation, 1, Komukai Toshiba-cho, Saiwai-ku, P.O. Box, 212-8582, Kawasaki, Japan

    Shinichi Kawamura

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Álvarez, A.V., García, K.A., Monroy, R., Trejo, L.A., Vázquez, J. (2006). A Tool for Managing Security Policies in Organisations. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S. (eds) Advances in Information and Computer Security. IWSEC 2006. Lecture Notes in Computer Science, vol 4266. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11908739_27

Download citation

  • DOI: https://doi.org/10.1007/11908739_27

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-47699-3

  • Online ISBN: 978-3-540-47700-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation