C. Basile, A. Lioy, Christian Pitscheider, Shilong Zhao
{"title":"政策协调的正式模型","authors":"C. Basile, A. Lioy, Christian Pitscheider, Shilong Zhao","doi":"10.1109/PDP.2015.42","DOIUrl":null,"url":null,"abstract":"This paper proposes a novel approach to perform the reconciliation of security policies by means of user-defined reconciliation strategies. The proposed policy reconciliation model allows several degree of freedom when specifying reconciliation strategies, which can be based not only on rule actions, like most of the works in literature, but also on other rule data (e.g., the conditions) and other external data (e.g., rule priorities, policy priorities). Additionally, it can be applied to reconcile policies at runtime and off-line, that is, it allows the generation of a reconciled policy. Moreover, the reconciliation process generates a detailed report on all the decision taken. Given its expressiveness, the approach can be also applied to simplify the policy specification process. The model has been validated against a practical example, the definition of the application layer filtering policy in a corporate scenario, and its performance has been tested with synthetic policies. Both validation and performance analysis gave encouraging results.","PeriodicalId":285111,"journal":{"name":"2015 23rd Euromicro International Conference on Parallel, Distributed, and Network-Based Processing","volume":"5 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-03-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"A Formal Model of Policy Reconciliation\",\"authors\":\"C. Basile, A. Lioy, Christian Pitscheider, Shilong Zhao\",\"doi\":\"10.1109/PDP.2015.42\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper proposes a novel approach to perform the reconciliation of security policies by means of user-defined reconciliation strategies. The proposed policy reconciliation model allows several degree of freedom when specifying reconciliation strategies, which can be based not only on rule actions, like most of the works in literature, but also on other rule data (e.g., the conditions) and other external data (e.g., rule priorities, policy priorities). Additionally, it can be applied to reconcile policies at runtime and off-line, that is, it allows the generation of a reconciled policy. Moreover, the reconciliation process generates a detailed report on all the decision taken. Given its expressiveness, the approach can be also applied to simplify the policy specification process. The model has been validated against a practical example, the definition of the application layer filtering policy in a corporate scenario, and its performance has been tested with synthetic policies. Both validation and performance analysis gave encouraging results.\",\"PeriodicalId\":285111,\"journal\":{\"name\":\"2015 23rd Euromicro International Conference on Parallel, Distributed, and Network-Based Processing\",\"volume\":\"5 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-03-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 23rd Euromicro International Conference on Parallel, Distributed, and Network-Based Processing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/PDP.2015.42\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 23rd Euromicro International Conference on Parallel, Distributed, and Network-Based Processing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PDP.2015.42","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
This paper proposes a novel approach to perform the reconciliation of security policies by means of user-defined reconciliation strategies. The proposed policy reconciliation model allows several degree of freedom when specifying reconciliation strategies, which can be based not only on rule actions, like most of the works in literature, but also on other rule data (e.g., the conditions) and other external data (e.g., rule priorities, policy priorities). Additionally, it can be applied to reconcile policies at runtime and off-line, that is, it allows the generation of a reconciled policy. Moreover, the reconciliation process generates a detailed report on all the decision taken. Given its expressiveness, the approach can be also applied to simplify the policy specification process. The model has been validated against a practical example, the definition of the application layer filtering policy in a corporate scenario, and its performance has been tested with synthetic policies. Both validation and performance analysis gave encouraging results.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
