Checking Security Policy Compliance
Authors
Abstract
Ensuring that organizations comply with federal regulations is a growing concern. This paper presents a framework and methods to verify whether an implemented low-level security policy is compliant with a high-level security policy. Our compliance checking framework is based on organizational and security metadata to support refinement of high-level concepts to implementation-specific instances. Our work uses the results of refinement calculus to express valid refinement patterns and their properties. Intuitively, a low-level security policy is compliant with a high-level security policy if there is a valid refinement path from the high-level security policy to the low-level security policy. Our model is capable of detecting violations of security policies, failures to meet obligations, and capability and modal conflicts.
Similar resources
TABLEAUX 2011 Workshops, Tutorials, and Short Papers
In security and compliance, it is often necessary to ensure that agents and systems comply with complex policies. An example of such a policy from financial reporting is the requirement that every transaction t of a customer c, who has within the last 30 days been involved in a suspicious transaction t′, must be reported as suspicious within 2 days. In this talk, I will give an overview of our ap...
Compliance Checking in the PolicyMaker Trust Management System
Emerging electronic commerce services that use public-key cryptography on a mass-market scale require sophisticated mechanisms for managing trust. For example, any service that receives a signed request for action is forced to answer the central question "Is the key used to sign this request authorized to take this action?" In some services, this question reduces to "Does this key belong to thi...
The Audit Logic: Policy Compliance in Distributed Systems
We present a distributed framework where agents can share data along with usage policies. We use an expressive policy language including conditions, obligations and delegation. Our framework also supports the possibility to refine policies. Policies are not enforced a-priori. Instead, policy compliance is checked using an a-posteriori auditing approach. Policy compliance is shown by a (logical) p...
Spatiotemporal model checking of location and mobility related security policy specifications
For the formal verification of security in mobile networks, a requirement is that security policies associated with mobility and location constraints are formally specified and verified. For the formal specification and verification of security policies, formal methods ensure that a given network configuration that includes certain network elements satisfies a given security policy. A process c...
Investigate the Effects of Information Security Climate and Psychological Ownership on Information Security Policy Compliance
Currently, information security policy compliance research mainly investigates information security compliant behaviors of employees from general deterrence theory or protection motivation theory. However, these studies focus on the discussions of security specifications in organization and the motivations of individuals’ behaviors but omit the influences of contextual effects on employees’ psy...
Journal title:
- CoRR
Volume abs/0809.5266
Pages -
Publication date 2008