Verification of Security Policy Enforcement in Enterprise Systems

TitleVerification of Security Policy Enforcement in Enterprise Systems
Publication TypeBook
Year of Publication2009
AuthorsGupta, Puneet, and Stoller Scott
Series TitleEmerging Challenges for Security, Privacy and Trust
Series Volume297
Number of Pages202-213
PublisherSpringer Berlin Heidelberg
ISBN Number978-3-642-01243-3
Other NumbersOnline ISBN: 978-3-642-01244-0

Many security requirements for enterprise systems can be expressed in a natural way as high-level access control policies. A high-level policy may refer to abstract information resources, independent of where the information is stored; it controls both direct and indirect accesses to the information; it may refer to the context of a request, i.e., the request’s path through the system; and its enforcement point and enforcement mechanism may be unspecified. Enforcement of a high-level policy may depend on the system architecture and the configurations of a variety of security mechanisms, such as firewalls, host login permissions, file permissions, DBMS access control, and application-specific security mechanisms. This paper presents a framework in which all of these can be conveniently and formally expressed, a method to verify that a high-level policy is enforced, and an algorithm to determine a trusted computing base for each resource.