A Tool for Managing Security Policies in Organisations
Abstract
Security policies are rules aimed at protecting the resources of an organisation from the risks associated with computer usage. Designing, implementing and maintaining security policies are all error-prone and time-consuming. We report on a tool that helps manage the security policies of an organisation. Security policies are formalised using first-order logic with equality and the unique names assumption, closely following the security policy language suggested in [1]. The tool includes a link to an automated theorem prover, Otter [2], and to a model finder, Mace [2], used to formally verify a set of formal security policies. It also includes a GUI and a number of links to read information and security policies from organisation databases and access control lists.
Similar resources
"Comply or Die" Is Dead: Long Live Security-Aware Principal Agents
Information security has adapted to the modern collaborative organisational nature, and abandoned “command-and-control” approaches of the past. But when it comes to managing employees’ information security behaviour, many organisations still use policies proscribing behaviour and sanctioning non-compliance. Whilst many organisations are aware that this “comply or die” approach does not work for ...
Information Security Policies for Governmental Organisations, The Minimum Criteria
Information Security policies are seen as not only a counterproposal, but also a solution to Information Security effectiveness. However, a key issue impacting Information Security policies is what should be included in these policies. This study makes an attempt to design a Comprehensive Information Security Policy (CISP) to serve as basis for organisations when designing their own Information...
Analysis and Verification of XACML Policies in a Medical Cloud Environment
The connectivity of devices, machines and people via Cloud infrastructure can support collaborations among doctors and specialists from different medical organisations. Such collaborations may lead to data sharing and joint tasks and activities. Hence, the collaborating organisations are responsible for managing and protecting data they share. Therefore, they should define a set of access contr...
An interoperability framework for security policy languages
Security policies are widely used across the IT industry in order to secure environments. Firewalls, routers, enterprise application or even operating systems like Windows and Unix are all using security policies to some extent in order to secure certain components. In order to automate enforcement of security policies, security policy languages have been introduced. Security policy languages t...
PoliSeer: A Tool for Managing Complex Security Policies
Few tools exist for decomposing complex security policies into simpler modules. The policy-engineering tools that do exist either encapsulate entire policies as atomic, indecomposable modules or allow fine-grained modularization but are complicated and lack policy-visualization capabilities. This paper briefly presents PoliSeer, the first tool we are aware of that allows complex policies to be s...
Publication date: 2006