A Framework and Architecture for the Management of Security and Privacy Policies

The vision of this multi-year project is to create an open, integrated privacy and security policy management framework based on organizational requirements that encompass end-to-end solutions for use across heterogeneous system configurations covering all data, and develop policy management utilities to populate the framework.

Motivation

• Most organizations store sensitive business and personal data in heterogeneous server systems
• They do not have a unified way of defining or implementing security and privacy regarding the storage and use of that data throughout their organization
• Changing legal requirements, social pressures and technologies are making these policy issues increasingly critical to organizations and society at large
  • Audit and compliance requirements for healthcare, banking/finance, and government

Objectives

• Create an integrated privacy and security policy management framework that encompasses end-to-end solutions for use across heterogeneous configurations covering all data
• Provide mechanisms and tools for supporting policy authoring, analysis, enforcement, and auditing
• Open software

Framework

A layered policy model has been formulated to provide a framework for reasoning about dynamic security policies. These abstraction and transformation models are a key enabler for: providing end-to-end mechanisms for adapting system behaviors to meet high-level user-specified security goals through the enforcement of low-level controls in distributed computing systems; and, supporting the automated formal analysis of the policy processes to include policy specification, refinement (transforming high-level goals into policies that can be enforced by the system), conflict detection, and conflict resolution.

The layered policy model describes four different levels of representation: Specification, Abstract, Concrete, and Executable. The Policy Specification Layer is concerned with methods of authoring policies in constrained natural language, and capturing their structure and syntax in a formal manner. The Abstract Policy Models Layer captures the semantics of the policies or policy sets that express goals and high level objectives for system behavior. The Concrete Policy Sets Layer delineates the policies that must be upheld by the different components of the distributed system to meet the policy goals, and incorporates explicit models for data, classes of users, risk, etc. The Executable Policies Layer determines the precise constraints on resources that must be enforced by the existing security mechanisms in the system, and expresses policies explicitly in terms of the formats required by those mechanisms.

Links

• Open Collaborative Research: Security & Privacy
• What users need from policy systems
• How we protect privacy and ensure security