从政策派生执行机制

Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07) Pub Date : 2007-06-13 DOI:10.1109/POLICY.2007.15

H. Janicke, A. Cau, F. Siewe, H. Zedan

{"title":"从政策派生执行机制","authors":"H. Janicke, A. Cau, F. Siewe, H. Zedan","doi":"10.1109/POLICY.2007.15","DOIUrl":null,"url":null,"abstract":"Policies provide a flexible and scalable approach to the management of distributed systems by separating the specification of security requirements and their enforcement Over the years the expressiveness of policy languages increased considerably making it possible to capture a variety of complex requirements that for example depend on the history of the system execution. The most important criteria for the successful operation of policy-managed systems is whether the deployed enforcement mechanisms can guarantee the compliance with the policies. With the expressiveness of policy languages this assurance is increasingly difficult to achieve. In this paper we therefore address the development of enforcement mechanisms from a theoretical perspective and show how enforcement code can be formally derived for compositional, history-dependent policies that can change dynamically over time or on the occurrence of events.","PeriodicalId":240693,"journal":{"name":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","volume":"60 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"25","resultStr":"{\"title\":\"Deriving Enforcement Mechanisms from Policies\",\"authors\":\"H. Janicke, A. Cau, F. Siewe, H. Zedan\",\"doi\":\"10.1109/POLICY.2007.15\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Policies provide a flexible and scalable approach to the management of distributed systems by separating the specification of security requirements and their enforcement Over the years the expressiveness of policy languages increased considerably making it possible to capture a variety of complex requirements that for example depend on the history of the system execution. The most important criteria for the successful operation of policy-managed systems is whether the deployed enforcement mechanisms can guarantee the compliance with the policies. With the expressiveness of policy languages this assurance is increasingly difficult to achieve. In this paper we therefore address the development of enforcement mechanisms from a theoretical perspective and show how enforcement code can be formally derived for compositional, history-dependent policies that can change dynamically over time or on the occurrence of events.\",\"PeriodicalId\":240693,\"journal\":{\"name\":\"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)\",\"volume\":\"60 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-06-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"25\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/POLICY.2007.15\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/POLICY.2007.15","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 25

摘要

策略通过分离安全需求的规范及其实施，为分布式系统的管理提供了一种灵活且可扩展的方法。多年来，策略语言的表达性大大提高，使得捕获各种复杂需求(例如依赖于系统执行历史的需求)成为可能。策略管理系统成功运行的最重要标准是所部署的实施机制是否能够保证策略的遵从性。由于政策语言的表达性，这种保证越来越难以实现。因此，在本文中，我们从理论角度讨论了强制执行机制的发展，并展示了如何正式派生强制执行代码，以用于可随时间或事件发生动态变化的组合、历史依赖策略。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Deriving Enforcement Mechanisms from Policies

Policies provide a flexible and scalable approach to the management of distributed systems by separating the specification of security requirements and their enforcement Over the years the expressiveness of policy languages increased considerably making it possible to capture a variety of complex requirements that for example depend on the history of the system execution. The most important criteria for the successful operation of policy-managed systems is whether the deployed enforcement mechanisms can guarantee the compliance with the policies. With the expressiveness of policy languages this assurance is increasingly difficult to achieve. In this paper we therefore address the development of enforcement mechanisms from a theoretical perspective and show how enforcement code can be formally derived for compositional, history-dependent policies that can change dynamically over time or on the occurrence of events.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)

自引率

0.00%

发文量