Security Policy Languages and Enforcement

As organizations grow larger and more complex, and as cybersecurity becomes an increasingly important concern, there are growing needs for languages that can express complex security policies of organizations and for efficient mechanisms to enforce the policies. An essential function of security policies is to control authorization, that is, to determine whether a request to access a resource should be permitted or denied. This paper considers two key aspects of security policy languages—support for decentralized policy administration through “trust management”, and support for scalable policy management through roles—and techniques for the efficient implementation of these languages. The implementation techniques provide a basis for enforcing security policies expressed in these languages. Traditional ways of expressing authorization policies, such as access control lists, were developed to support authorization in centralized systems with a single administrator in control of all aspects of security policy for the entire system. They are generally adequate and widely used in that context, but they have serious deficiencies for enterprise-wide applications [2], which may have many administrative domains and varying trust relationships. Trust management systems are designed to support authorization in distributed systems [2]. The defining characteristic of trust management systems is support for decentralized security policy administration through delegation: an entity can authorize another entity to control specified aspects of security policy. For example, a company’s chief executive officer (CEO) might allow each manager to control his subordinates’ access to technical data, while the CEO retains complete control over everyone’s access to the company’s strategic plan. Role-based policy languages support scalable specification and management of policies in large systems [11, 4]. A role is an abstraction that represents a set of permissions, typically the permissions needed to perform the tasks associated with a position in an organization. Role-based authorization policies specify the roles that each user may adopt, and the permissions associated with each role.