This paper proposes a novel approach to perform the reconciliation of security policies by means of user-defined reconciliation strategies. The proposed policy reconciliation model allows several degrees of freedom when specifying reconciliation strategies, that can be based not only on rule actions, like most of the works in literature, but also on other rule data (e.g. the conditions) and other external data (e.g. rule priorities, policy priorities). Additionally, it can be applied to reconcile policies at runtime and off-line, that is, it allows the generation of a reconciled policy. Moreover, the reconciliation process generates a detailed report on all the decisions taken. Given its expressiveness, the approach can be also applied to simplify the policy specification process. The model has been validated against a practical example, the definition of the application layer filtering policy in a corporate scenario, and its performance has been tested with synthetic policies. Both validation and performance analysis gave promising results for application in practical cases.

A formal model of policy reconciliation / Basile, Cataldo; Lioy, Antonio; Pitscheider, Christian; Zhao, Shilong. - STAMPA. - (2015), pp. 587-594. (Intervento presentato al convegno PDP-2015: 23rd EuroMicro International Conference on Parallel, Distributed and network-based Processing tenutosi a Turku (Finland) nel March 4-6, 2015) [10.1109/PDP.2015.42].

A formal model of policy reconciliation

BASILE, CATALDO;LIOY, ANTONIO;PITSCHEIDER, CHRISTIAN;ZHAO, SHILONG
2015

Abstract

This paper proposes a novel approach to perform the reconciliation of security policies by means of user-defined reconciliation strategies. The proposed policy reconciliation model allows several degrees of freedom when specifying reconciliation strategies, that can be based not only on rule actions, like most of the works in literature, but also on other rule data (e.g. the conditions) and other external data (e.g. rule priorities, policy priorities). Additionally, it can be applied to reconcile policies at runtime and off-line, that is, it allows the generation of a reconciled policy. Moreover, the reconciliation process generates a detailed report on all the decisions taken. Given its expressiveness, the approach can be also applied to simplify the policy specification process. The model has been validated against a practical example, the definition of the application layer filtering policy in a corporate scenario, and its performance has been tested with synthetic policies. Both validation and performance analysis gave promising results for application in practical cases.
2015
978-1-4799-8490-9
File in questo prodotto:
Non ci sono file associati a questo prodotto.
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/2574343
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo