Presentation is loading. Please wait.

Presentation is loading. Please wait.

MITREMITRE Coalition Security Policy Language Project 11 December 2000.

Published byJustin Garrison Modified over 9 years ago

Similar presentations

Presentation on theme: "MITREMITRE Coalition Security Policy Language Project 11 December 2000."— Presentation transcript:

1 MITREMITRE Coalition Security Policy Language Project 11 December 2000

2 MITREMITRE AgendaAgenda  What is a Security Policy Language?  What will it do for me?  Some Security Policy Languages  Some Limitations of Security Policy Languages  Security Domain Interoperability Dilemma – Mutually Suspicious Domains  The Coalition Security Policy Language Project  Participation

3 MITREMITRE What is a Security Policy Language?  Policy – A rule that can be used to change the behavior of a system, domain, organization, or component.  Policy Language – A framework for specifying policies (rules) that is independent of entity or entities implementing those policies.  Security Policy Language – A framework for specifying the rules including, but not limited to:  Identification & Authorization –what entities external to the subject security domain can have access to information/services offered within the security domain and what limitations are placed upon that access  Obligation – the actions of entities within the security domain with respect to other entities, both within and external to the security domain  Restraints – the actions that an entity may not take (negative authorizations, in a way)  Delegations – what actions can be delegated to other entities  Constraints – limits to the applicability of policies that based on variable parameters Security Policy Languages should always be role based.

4 MITREMITRE What will it do for me?  Allow specification and modification of policies independent from implementation  Dynamic modifications  No recoding  Persistence of policies  Precise specification of subjects, targets, actions, and constraints  Applicable to humans and automated entities  Defines responsibilities, rights, and duties based on roles  Roles of individuals  Roles of groups  Roles of individuals relative to groups (role relationships)  Role specialization  Role generalization  Allows adjustment of Quality of Service (QoS) as roles and context change  Reuse of policies and sets of policies  Policy patterns?

5 MITREMITRE Some Security Policy Languages  Security Policy Language (SPL)  Mageland Institute, Portugal  Trust Policy Language (TPL)  IBM  Policy Language for AuthorizationS (PLAS)  IBM  Policy Description Language (PDL)  University of Munich  Ponder  Imperial College of Science, Technology and Medicine

6 MITREMITRE Some Limitations of Security Policy Languages  Single regulatory, linguistic, and cultural context  Laws and regulation differ from country to country  Language and cultural differences cause semantic disconnects  Conflict detection and resolution  Multiple Policies  An entity may be a member of multiple domains with conflicting policies  Multiple roles with conflicting policies  Policy Precedence  Group vs. role vs. entity  Semantic Conflicts  Separation of duties  Self-management  Resource conflict  Not interoperable  No single accepted ontology  Domains must have prior knowledge of each other

7 MITREMITRE Security Domain Interoperability Dilemma – Mutually Suspicious Domains  Today’s approach: Do I know you?  Yes? Okay we can communicate.  No? Go away!  What is needed: Do I know about you?  Yes? Do I know you?  Yes? Okay we can communicate.  No? Is there someone that can do a proper introduction?  Yes? Okay we can communicate as soon as we are introduced..  No? Tell me a little about yourself.  Maybe there are some things that we can talk about.  Do we have common friends?  Do we have similar policies? It must be possible to exchange some level of information between entities that have no prior knowledge or experience with each other.

8 MITREMITRE The Coalition Security Policy Language Project  Investigate the use of a security policy language  Universally understood form  UML  XML  Other?  Commonly understood ontology  Exchange knowledge of security policies  For negotiating parameters of information exchange  Primary Goals  Year 1: Enable local server administrator to grant accesses to previously unknown clients based on verifiable policies.  Year 2: Automate negotiation process  First proposal for P4I Environment

9 MITREMITRE ParticipationParticipation  USA Participants (6 organizations)  Specification development  MITRE Corporation  2 SY per year  Proposal for MITRE research funds in work  Research and Development Organization (TBD)  1 – 2 SY per year  Prototype/pilot development  Software vendors in two different information domains (TBD)  Year 1: 1 SY per vendor  Year 2: 2 SY per vendor  Integration, Verification, and Validation  Large integrator (TBD)  1 SY per year  Small integrator  1 SY per year  Non-USA Participants (10 organizations)  Specification development  3 organizations, 1-2 SY each  Prototype/pilot development  5 vendors  Year 1: 1 SY per vendor  Year 2: 2 SY per vendor  Integration, Verification, and Validation  2 organizations  1 SY per year each

Download ppt "MITREMITRE Coalition Security Policy Language Project 11 December 2000."

Similar presentations

An Adaptive Policy-Based Framework for Network Service Management Leonidas Lymberopoulos Emil Lupu Morris Sloman Department of Computing Imperial College.

An Adaptive Policy-Based Framework for Network Service Management Leonidas Lymberopoulos Emil Lupu Morris Sloman Department of Computing Imperial College.
Andrea Maurino Web Service Design Methodology Batini, De Paoli, Maurino, Grega, Comerio WP2-WP3 Roma 24/11/2005.

Andrea Maurino Web Service Design Methodology Batini, De Paoli, Maurino, Grega, Comerio WP2-WP3 Roma 24/11/2005.
Policy Specification, Analysis and Transformation International Technology Alliance in Network and Information Sciences A scenario based demo will illustrate.

Policy Specification, Analysis and Transformation International Technology Alliance in Network and Information Sciences A scenario based demo will illustrate.
UDDI v3.0 (Universal Description, Discovery and Integration)

UDDI v3.0 (Universal Description, Discovery and Integration)
Database Systems: Design, Implementation, and Management Tenth Edition

Database Systems: Design, Implementation, and Management Tenth Edition
Policy Description & Enforcement Languages Anis Yousefi

Policy Description & Enforcement Languages Anis Yousefi
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
CT1404 Lecture 2 Requirement Engineering and Use Cases 1.

CT1404 Lecture 2 Requirement Engineering and Use Cases 1.
NaLIX: A Generic Natural Language Search Environment for XML Data Presented by: Erik Mathisen 02/12/2008.

NaLIX: A Generic Natural Language Search Environment for XML Data Presented by: Erik Mathisen 02/12/2008.
Introduction and Overview “the grid” – a proposed distributed computing infrastructure for advanced science and engineering. Purpose: grid concept is motivated.

Introduction and Overview “the grid” – a proposed distributed computing infrastructure for advanced science and engineering. Purpose: grid concept is motivated.
Friendly Authentication and Communication Experience (Face) for Ubiquitous Authentication on Mobile Devices Author: Benjamin Halpert Presented by: 魏聲尊.

Friendly Authentication and Communication Experience (Face) for Ubiquitous Authentication on Mobile Devices Author: Benjamin Halpert Presented by: 魏聲尊.
1 Clark Wilson Implementation Shilpa Venkataramana.

1 Clark Wilson Implementation Shilpa Venkataramana.
A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.

A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.
Pay As You Go – Associating Costs with Jini Leases By: Peer Hasselmeyer and Markus Schumacher Presented By: Nathan Balon.

Pay As You Go – Associating Costs with Jini Leases By: Peer Hasselmeyer and Markus Schumacher Presented By: Nathan Balon.
A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.

A centralized system.  Active Directory is Microsoft's trademarked directory service, an integral part of the Windows architecture. Like other directory.
Ministry of Transport, Information Technology and Communications Technological base: Interoperability Tsvetanka Kirilova Ministry of TITC Bulgaria.

Ministry of Transport, Information Technology and Communications Technological base: Interoperability Tsvetanka Kirilova Ministry of TITC Bulgaria.
Business Rules INFS 770 – KM for E-Business Professor L. Kerschberg Spring 2004.

Business Rules INFS 770 – KM for E-Business Professor L. Kerschberg Spring 2004.
CMPT 275 Software Engineering

CMPT 275 Software Engineering
Securing Legacy Software SoBeNet User group meeting 25/06/2004.

Securing Legacy Software SoBeNet User group meeting 25/06/2004.
Test Organization and Management

Test Organization and Management

Similar presentations

Ads by Google