Ecole d'ingénieur et centre de recherche en télécommunications

HiPoLDS: A hierarchical security policy language for distributed systems

Dell'Amico, Matteo; Serme, Gabriel; Idrees, Muhammad Sabir; de Oliveira, Anderson Santana; Roudier, Yves

Information Security Technical Report, ISSN: 1363-4127

Expressing security policies to govern distributed systems is a complex and error-prone task. Policies are hard to understand, often expressed with unfriendly syntax, making it dicult for security administrators and for business analysts to create intelligible specifications. We introduce the Hierarchical Policy Language for Distributed Systems (HiPoLDS), which has been designed to enable the specification of security policies in distributed systems in a concise, readable, and extensible way. HiPoLDS design focuses on decentralized execution environments under the control of multiple stakeholders. It represents policy enforcement through the use of distributed reference monitors, which control the flow of information between services. HiPoLDS allows the                               definition of both abstract and concrete policies, expressing respectively high-level properties required and concrete implementation details to be ultimately introduced into the service implementation.

Document Doi Bibtex

Mots Clés:security policies, service-oriented architectures, distributed systems
Type:Journal
Langue:English
Ville:
Date:
Département:Réseaux et Sécurité
Eurecom ref:3856
Copyright: © Elsevier. Personal use of this material is permitted. The definitive version of this paper was published in Information Security Technical Report, ISSN: 1363-4127 and is available at : http://dx.doi.org/10.1016/j.istr.2012.10.002
Bibtex: @article{EURECOM+3856, doi = {http://dx.doi.org/10.1016/j.istr.2012.10.002}, year = {2012}, month = {12}, title = {{H}i{P}o{LDS}: {A} hierarchical security policy language for distributed systems}, author = {{D}ell'{A}mico, {M}atteo and {S}erme, {G}abriel and {I}drees, {M}uhammad {S}abir and de {O}liveira, {A}nderson {S}antana and {R}oudier, {Y}ves}, journal = {{I}nformation {S}ecurity {T}echnical {R}eport, {ISSN}: 1363-4127}, url = {http://www.eurecom.fr/publication/3856} }
Voir aussi: