Showing 1–1 of 1 results for author: Gowadia, V

Checking Security Policy Compliance

Authors: Vaibhav Gowadia, Csilla Farkas, Michiharu Kudo

Abstract: Ensuring compliance of organizations to federal regulations is a growing concern. This paper presents a framework and methods to verify whether an implemented low-level security policy is compliant to a high-level security policy. Our compliance checking framework is based on organizational and security metadata to support refinement of high-level concepts to implementation specific instances. O… ▽ More Ensuring compliance of organizations to federal regulations is a growing concern. This paper presents a framework and methods to verify whether an implemented low-level security policy is compliant to a high-level security policy. Our compliance checking framework is based on organizational and security metadata to support refinement of high-level concepts to implementation specific instances. Our work uses the results of refinement calculus to express valid refinement patterns and their properties. Intuitively, a low-level security policy is compliant to a high-level security policy if there is a valid refinement path from the high-level security policy to the low-level security policy. Our model is capable of detecting violations of security policies, failures to meet obligations, and capability and modal conflicts. △ Less

Submitted 30 September, 2008; originally announced September 2008.

Comments: 23 pages; submitted to TKDE; original submission 15 mar 2007; revised 20 jan 2008

ACM Class: H.1.1; H.2.0.a; I.2.2.e; I.2.4