A Framework and Architecture for the Management of Security and Privacy Policies

The vision of this multi-year project is to create an open, integrated privacy and security policy management framework that is driven by organizational requirements, provides end-to-end solutions for use across heterogeneous system configurations, and covers all data; and to develop the policy management utilities that populate that framework.

A layered policy model has been formulated as a framework for reasoning about dynamic security policies. Its abstraction layers, and the transformations between them, are the key enabler for two things: end-to-end mechanisms that adapt system behavior to meet high-level, user-specified security goals by enforcing low-level controls in distributed computing systems; and automated formal analysis of the policy lifecycle, covering policy specification, refinement (transforming high-level goals into policies that the system can enforce), conflict detection, and conflict resolution.

The layered policy model describes four levels of representation: Specification, Abstract, Concrete, and Executable. The Policy Specification Layer covers authoring policies in a constrained natural language and capturing their structure and syntax formally. The Abstract Policy Models Layer captures the semantics of the policies or policy sets that express goals and high-level objectives for system behavior. The Concrete Policy Sets Layer delineates the policies that each component of the distributed system must uphold for the policy goals to be met, and incorporates explicit models for data, classes of users, risk, and similar factors. The Executable Policies Layer determines the precise constraints on resources that the system's existing security mechanisms must enforce, and expresses those policies in the formats that the mechanisms require.
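The four-layer refinement described above, worked through in code. This is an added illustration, not code from the project: the constrained grammar, the role and data models, the deny-overrides resolution rule, and the setfacl and SQL output formats are all assumptions chosen for the example. It parses three constructed specification lines, refines them into per-component concrete rules using explicit user-class and data models, detects a conflict that only becomes visible after refinement (one user belongs to two overlapping classes), resolves it, and emits executable rules in each mechanism's own format.

```python
import re
from dataclasses import dataclass
from itertools import product

# Specification layer. Assumed constrained grammar for this example:
#   "<Allow|Deny> <role> to <read|write> <data-class>"
SPEC_RE = re.compile(r"^(Allow|Deny)\s+(\w[\w-]*)\s+to\s+(read|write)\s+(\w[\w-]*)$", re.I)

@dataclass(frozen=True)
class AbstractPolicy:
    """Abstract layer: the meaning of a policy, with no system-specific detail."""
    effect: str      # "allow" or "deny"
    role: str        # class of users
    action: str      # "read" or "write"
    data_class: str  # class of data

def parse_spec(line: str) -> AbstractPolicy:
    m = SPEC_RE.match(line.strip())
    if not m:
        raise ValueError(f"not in the constrained grammar: {line!r}")
    return AbstractPolicy(*(g.lower() for g in m.groups()))

# Explicit models consulted by the Concrete layer (constructed sample data).
# bob is both an analyst and a contractor; that overlap is what produces a conflict.
ROLE_MODEL = {"analysts": {"alice", "bob"}, "contractors": {"bob"}}
DATA_MODEL = {  # data class -> component -> resources holding that data
    "customer-records": {"fileserver": ["/srv/data/customers.csv"],
                         "database": ["crm.customers"]},
}

@dataclass(frozen=True)
class ConcreteRule:
    """Concrete layer: what one component must uphold for one user and resource."""
    component: str
    user: str
    action: str
    resource: str
    effect: str

def rule_key(r):
    return (r.component, r.user, r.action, r.resource)

def refine(policies):
    """Expand each abstract policy over the role and data models."""
    return [ConcreteRule(component, user, p.action, resource, p.effect)
            for p in policies
            for component, resources in DATA_MODEL[p.data_class].items()
            for user, resource in product(sorted(ROLE_MODEL[p.role]), resources)]

def detect_conflicts(rules):
    """Pairs of rules that decide the same (component, user, action, resource) differently."""
    first_seen, conflicts = {}, []
    for r in rules:
        if rule_key(r) in first_seen and first_seen[rule_key(r)].effect != r.effect:
            conflicts.append((first_seen[rule_key(r)], r))
        first_seen.setdefault(rule_key(r), r)
    return conflicts

def resolve(rules):
    """Deny-overrides: one decision per key, deny wins whenever present."""
    decided = {}
    for r in rules:
        if rule_key(r) not in decided or r.effect == "deny":
            decided[rule_key(r)] = r
    return sorted(decided.values(), key=lambda r: (r.component, r.user, r.resource, r.action))

DB_PRIVILEGE = {"read": "SELECT", "write": "INSERT, UPDATE"}

def to_executable(decided):
    """Executable layer: render decisions in each mechanism's own format.
    POSIX ACLs (setfacl) are grant-only, so a denied action is expressed by leaving it
    out of the user's permission bits; SQL can state REVOKE explicitly."""
    fs_perms, db_lines = {}, []
    for r in decided:
        if r.component == "fileserver":
            allowed = fs_perms.setdefault((r.user, r.resource), set())
            if r.effect == "allow":
                allowed.add(r.action)
        elif r.component == "database":
            verb, prep = ("GRANT", "TO") if r.effect == "allow" else ("REVOKE", "FROM")
            db_lines.append(f"{verb} {DB_PRIVILEGE[r.action]} ON {r.resource} {prep} {r.user};")
    fs_lines = [f"setfacl -m u:{user}:{'r' if 'read' in a else '-'}{'w' if 'write' in a else '-'}- {path}"
                for (user, path), a in sorted(fs_perms.items())]
    return {"fileserver": fs_lines, "database": db_lines}

def compile_policies(spec_lines):
    """Run a specification through all four layers; returns every intermediate form."""
    abstract = [parse_spec(s) for s in spec_lines]
    concrete = refine(abstract)
    decided = resolve(concrete)
    return {"abstract": abstract, "concrete": concrete,
            "conflicts": detect_conflicts(concrete), "decided": decided,
            "executable": to_executable(decided)}

SAMPLE_SPEC = [  # constructed sample policies
    "Allow analysts to read customer-records",
    "Allow analysts to write customer-records",
    "Deny contractors to write customer-records",
]

if __name__ == "__main__":
    result = compile_policies(SAMPLE_SPEC)
    for a, d in result["conflicts"]:
        print(f"conflict on {a.component} {a.resource}: {a.user} {a.action} allow vs deny")
    for component, lines in result["executable"].items():
        print(component, *lines, sep="\n  ")
```

Two points the example makes that the prose does not. First, the conflict between "Allow analysts to write" and "Deny contractors to write" does not exist at the Abstract layer; it appears only after the Concrete layer has consulted the user-class model and found a user in both classes, which is why conflict detection has to run on refined policies and not only on the specification. Second, the Executable layer is limited by what each mechanism can express: a POSIX ACL has no deny entry, so a resolved deny becomes the absence of a grant, while the database format can carry the REVOKE explicitly. An analysis that stops at the Concrete layer would not catch a mechanism that silently drops a constraint it cannot represent.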