Showing 1–1 of 1 results for author: Gowadia, V
Checking Security Policy Compliance
Authors: Vaibhav Gowadia, Csilla Farkas, Michiharu Kudo
Abstract:
Ensuring compliance of organizations to federal regulations is a growing concern. This paper presents a framework and methods to verify whether an implemented low-level security policy is compliant to a high-level security policy. Our compliance checking framework is based on organizational and security metadata to support refinement of high-level concepts to implementation specific instances. Our work uses the results of refinement calculus to express valid refinement patterns and their properties. Intuitively, a low-level security policy is compliant to a high-level security policy if there is a valid refinement path from the high-level security policy to the low-level security policy. Our model is capable of detecting violations of security policies, failures to meet obligations, and capability and modal conflicts.
Submitted 30 September, 2008; originally announced September 2008.