(ag in act1.agent) and
(act1 type Read) and
(act2 in BLPpolicy.domain.activity) and
(p in act2.object) and
(ag in act2.agent) and
(act2 type Write) and
not(o.securityclass lowerEqual
p.securityclass))
==> (StarProperty in FailedRule)
$
END
Domain
Each policy has a range of applicability, called its “security domain”. In addition,
policies incorporate a model of the corresponding security domain. In the SPR, the
security domain model comprises the following interrelated elements: Objects,
Agents and Activities. Objects are resources controlled by the policy. They are the
assets of the information system that need protection, and they include data, software,
and hardware assets. To allow policies that follow different paradigms to be
represented in the SPR, we have included two more related concepts: Subjects and
Roles.
Subjects refer to acting entities, usually people, or processes that act on behalf of
some people. Roles are abstract descriptions of entities, such as managers, doctors,
nurses, etc. Usually, role-based policies provide rules for deciding whether a subject
should be assigned a role in a particular situation.
Agents are subjects that have been assigned a role, thus being a more abstract concept.
Therefore, an agent can be equivalent to a role if it refers to any subject assuming
this role; on the other hand, an agent can be equivalent to a subject if it refers to
that subject regardless of the roles it has been assigned. Agents are hierarchically
structured with the isA relationship. For example, if nurse is an agent name, then we
may declare that ward-A nurse isA nurse and, automatically, all rules regarding
nurses will also apply to the ward-A nurse.
Activities are performed by agents and use objects (i.e. resources). Activities can be
as general as “managing a hospital” or as concrete as “read-access” of a subject to an
object. In the latter case, activities are equivalent to actions. The basic conceptual
model of the SPR is presented in Fig. 2.
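The check expressed by the rule fragment at the top of this page, combined with the isA inheritance described above, can be sketched as follows. This is an added example, not code from the SPR or its authors; the object names, security classes, activities and the choice to let an agent inherit the activities declared for its ancestors are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: a totally ordered set of security classes.
LEVELS = {"public": 0, "confidential": 1, "secret": 2}
# Constructed isA hierarchy (child agent -> parent agent).
IS_A = {"ward-A nurse": "nurse"}
# Constructed objects and their security classes.
SECURITY_CLASS = {"patient-record": "secret", "ward-board": "public",
                  "audit-log": "secret"}

@dataclass(frozen=True)
class Activity:
    agent: str   # agent the activity is declared for
    type: str    # "Read" or "Write"
    obj: str     # object the activity uses

def is_a_chain(agent):
    """The agent itself plus every agent it isA, nearest first."""
    chain = []
    while agent is not None and agent not in chain:  # guard against cycles
        chain.append(agent)
        agent = IS_A.get(agent)
    return chain

def lower_equal(a, b):
    """True when securityclass a lowerEqual securityclass b."""
    return LEVELS[a] <= LEVELS[b]

def star_property_failures(agent, activities):
    """Pairs (read object o, written object p) that put StarProperty in
    FailedRule for `agent`: o is read, p is written, and
    not (o.securityclass lowerEqual p.securityclass)."""
    # Assumption: activities declared for an ancestor apply to the agent.
    mine = [a for a in activities if a.agent in is_a_chain(agent)]
    reads = [a.obj for a in mine if a.type == "Read"]
    writes = [a.obj for a in mine if a.type == "Write"]
    return sorted((o, p) for o in reads for p in writes
                  if not lower_equal(SECURITY_CLASS[o], SECURITY_CLASS[p]))

ACTIVITIES = [  # constructed
    Activity("nurse", "Read", "patient-record"),
    Activity("ward-A nurse", "Write", "ward-board"),
    Activity("ward-A nurse", "Write", "audit-log"),
]

if __name__ == "__main__":
    for ag in ("nurse", "ward-A nurse"):
        print(ag, star_property_failures(ag, ACTIVITIES))
```

The violation appears only for ward-A nurse, and only once the read inherited from nurse is considered together with the write declared lower in the hierarchy.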
5 Conflict Management Strategies
Conflict management comprises a) conflict detection and b) conflict resolution. It
can be realized through the following steps:
1. Resolution of conflicting objectives.
2. Semantic heterogeneity resolution.
3. Resolution of domain overlapping.
4. Antagonism reconciliation.