Policy Specification, Analysis and Transformation - PowerPoint PPT Presentation

1 / 1
About This Presentation
Title:

Policy Specification, Analysis and Transformation

Description:

A scenario based demo will illustrate the research concepts in the security ... Clare-Marie Karat, John Karat, Jorge Lobo, Dinesh Verma, and Xiping Wang (IBM Watson) ... – PowerPoint PPT presentation

Number of Views:40
Avg rating:3.0/5.0
Slides: 2
Provided by: patrick65
Category:

less

Transcript and Presenter's Notes

Title: Policy Specification, Analysis and Transformation


1
Policy Specification, Analysis and Transformation
A scenario based demo will illustrate the
research concepts in the security policy
management area. Demonstration Components
Demonstration Architecture
  • Policy Transformation
  • Transform high level policies into low level
    policies using rule based transformation.
    Example
  • Input policy
  • If user is from U.S. then provide high security
  • Transformation rules
  • Replace U.S. with subnet 9.2.x.x
  • Replace high security with 256 bit encryption
    and DES encryption
  • Output Policy
  • If user is from subnet 9.2.x.x Then use 256 bit
    encryption and DES encryption
  • SPARCLE Policy Workbench
  • The SPARCLE project is developing a highly usable
    policy workbench that enables organizations to
  • Create policies in natural language
  • Connect policy definition to system entities
  • Check policy compliance
  • Provides natural language analysis of textual
    policies, displays results for expert review, and
    generates the machine-readable XML version of the
    policies, with 94 parsing precision.
  • Displays parsing and analysis results for expert
    review.
  • Transforms the policy sets into machine-readable
    XML version of the policies.
  • Policy Deployment
  • In our scenario we are working with Self-Managed
    Cells (SMC) resources
  • SMCs are agents built using the Ponder2 policy
    framework developed at Imperial College
  • SMC policy service - Ponder2 framework
  • Two types of policies
  • Obligation policies (event-condition-action)
    define management actions performed in response
    to events
  • Authorization policies specify which actions are
    permitted on which resources and services
  • Managed objects to which policies apply can be
  • Internal resources
  • Adapters for external services
  • Policies themselves
  • Policy Analysis
  • Provides a formal process that allows policy
    administrators to certify the correctness of a
    policy.
  • Demo highlights the use of advanced algorithms to
    systematically identify potential problems.
  • Conflict Identification Check consistency
  • Policies are in conflict if they can be
    simultaneously applicable and prescribe
    incompatible actions.
  • Dominance Analysis Discover redundancies
  • A policy is dominated by one or more other
    policies when the addition of the first policy
    does not effect the behavior of the system
    governed by the set of policies.
  • Coverage Analysis Check Completeness
  • A set of policies may (or may not) provide
    definition for a range of input parameters. This
    analysis method determines if there are gaps in
    the coverage.
  • Project Team
  • Mandis Beigi, Carolyn Brodie, Seraphin Calo,
    David George, Clare-Marie Karat, John Karat,
    Jorge Lobo, Dinesh Verma, and Xiping Wang (IBM
    Watson)
  • Morris Sloman, Alberto Schaeffer-Filho (Imperial
    College)
Write a Comment
User Comments (0)
About PowerShow.com