A Formal Model of Policy Reconciliation

2015 23rd Euromicro International Conference on Parallel, Distributed, and Network-Based Processing Pub Date : 2015-03-04 DOI:10.1109/PDP.2015.42

C. Basile, A. Lioy, Christian Pitscheider, Shilong Zhao

{"title":"A Formal Model of Policy Reconciliation","authors":"C. Basile, A. Lioy, Christian Pitscheider, Shilong Zhao","doi":"10.1109/PDP.2015.42","DOIUrl":null,"url":null,"abstract":"This paper proposes a novel approach to perform the reconciliation of security policies by means of user-defined reconciliation strategies. The proposed policy reconciliation model allows several degree of freedom when specifying reconciliation strategies, which can be based not only on rule actions, like most of the works in literature, but also on other rule data (e.g., the conditions) and other external data (e.g., rule priorities, policy priorities). Additionally, it can be applied to reconcile policies at runtime and off-line, that is, it allows the generation of a reconciled policy. Moreover, the reconciliation process generates a detailed report on all the decision taken. Given its expressiveness, the approach can be also applied to simplify the policy specification process. The model has been validated against a practical example, the definition of the application layer filtering policy in a corporate scenario, and its performance has been tested with synthetic policies. Both validation and performance analysis gave encouraging results.","PeriodicalId":285111,"journal":{"name":"2015 23rd Euromicro International Conference on Parallel, Distributed, and Network-Based Processing","volume":"5 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-03-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 23rd Euromicro International Conference on Parallel, Distributed, and Network-Based Processing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PDP.2015.42","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

Abstract

This paper proposes a novel approach to perform the reconciliation of security policies by means of user-defined reconciliation strategies. The proposed policy reconciliation model allows several degree of freedom when specifying reconciliation strategies, which can be based not only on rule actions, like most of the works in literature, but also on other rule data (e.g., the conditions) and other external data (e.g., rule priorities, policy priorities). Additionally, it can be applied to reconcile policies at runtime and off-line, that is, it allows the generation of a reconciled policy. Moreover, the reconciliation process generates a detailed report on all the decision taken. Given its expressiveness, the approach can be also applied to simplify the policy specification process. The model has been validated against a practical example, the definition of the application layer filtering policy in a corporate scenario, and its performance has been tested with synthetic policies. Both validation and performance analysis gave encouraging results.

查看原文本刊更多论文

政策协调的正式模型

本文提出了一种利用用户自定义协调策略实现安全策略协调的新方法。在指定协调策略时，建议的策略协调模型允许多个自由度，这些策略不仅可以基于规则操作，就像文献中的大多数作品一样，还可以基于其他规则数据(例如，条件)和其他外部数据(例如，规则优先级，策略优先级)。此外，它可以应用于在运行时和离线时协调策略，也就是说，它允许生成协调的策略。此外，核对过程产生一份关于所作出的所有决定的详细报告。考虑到其表达性，该方法还可以用于简化策略规范过程。该模型已通过一个实际示例(企业场景中应用层过滤策略的定义)进行了验证，并使用综合策略测试了其性能。验证和性能分析都给出了令人鼓舞的结果。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2015 23rd Euromicro International Conference on Parallel, Distributed, and Network-Based Processing

自引率

0.00%

发文量