Specifying, Reasoning About, and Implementing Security Policies: A Graph-based Approach

摘要: The objective of my Ph. D. research is to develop a formal language for the expression of security policies. Often a site will have a security policy unique to its operation. There is a pressing need to provide a language for the expression of such policies. The language will serve several important roles in enforcing security at a site: the perspicuous specification of policies, the basis for reasoning about security policies and their interaction, and the compilation of a security policy into enforcement or checking procedures. To be most useful, the policy language should be able to express a wide variety of policies and a given policy should be readily expressible in the language.One possible approach, and the one taken in this proposal, is to express security policies in terms of graphs where the graphs depict the required constraints for the policy. The nodes in such a graph represent subjects and objects in a system, and the edges a relationship between them. Depending on the policy, constraints in terms of attributes of the nodes and edges may be placed on the graph. A simple example of a policy expressed as a graph is “Joe should not connect to hosts containing sensitive information”. In this case, the graph would be an edge representing a network connection originating from a node representing an user named “Joe” and terminating at a node representing a host with the assertion that that host should not possess a “contains-sensitive-information” attribute that is true. The attribute constraint approach provides a rich and general language with which to express policies in different application domains and the visual nature of graphs should aid …