The design of efficient and effective techniques for security policy analysis is a crucial open problem in modern information systems. Significant attention has been dedicated in the past to the use of logical tools for the analysis of security policies, but this work has produced a limited impact on enterprise information systems. Important reasons of the limited success of past research were the difficult integration of these approaches with the technological scenario and the limited scalability of many proposals. Nowadays Semantic Web tools are increasingly used in modern information systems. We show how the tools provided by Semantic Web and ontology management technologies offer an adequate basis for the realization of techniques able to support conflict analysis in security policies. Based on the use of these techniques, we propose a solution for two different variants of conflict analysis: (a) Policy Incompatibility, and (b) Separation of Duty Satisfiability. Experiments that test the techniques on large security policies demonstrate the scalability of the approach.

(2012). Conflict detection in security policies using Semantic Web technology [conference presentation - intervento a convegno]. Retrieved from http://hdl.handle.net/10446/28258

Conflict detection in security policies using Semantic Web technology

Paraboschi, Stefano;Magri, Eros;Guarnieri, Marco
2012-01-01

Abstract

The design of efficient and effective techniques for security policy analysis is a crucial open problem in modern information systems. Significant attention has been dedicated in the past to the use of logical tools for the analysis of security policies, but this work has produced a limited impact on enterprise information systems. Important reasons of the limited success of past research were the difficult integration of these approaches with the technological scenario and the limited scalability of many proposals. Nowadays Semantic Web tools are increasingly used in modern information systems. We show how the tools provided by Semantic Web and ontology management technologies offer an adequate basis for the realization of techniques able to support conflict analysis in security policies. Based on the use of these techniques, we propose a solution for two different variants of conflict analysis: (a) Policy Incompatibility, and (b) Separation of Duty Satisfiability. Experiments that test the techniques on large security policies demonstrate the scalability of the approach.
2012
Paraboschi, Stefano; Arrigoni Neri, Mario; Mutti, Simone; Magri, Eros; Guarnieri, Marco
File allegato/i alla scheda:
Non ci sono file allegati a questa scheda.
Pubblicazioni consigliate

Aisberg ©2008 Servizi bibliotecari, Università degli studi di Bergamo | Terms of use/Condizioni di utilizzo

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/10446/28258
Citazioni
  • Scopus 10
  • ???jsp.display-item.citation.isi??? 0
social impact