Name
Abstract | ||
|---|---|---|
Security policy alignment concerns the matching of security policies specified at different levels in socio-technical systems, and delegated to different agents, technical and human. For example, the policy that sales data should not leave an organization is refined into policies on door locks, firewalls and employee behavior, and this refinement should be correct with respect to the original policy. Although alignment of security policies in socio-technical systems has been discussed in the literature, especially in relation to business goals, there has been no formal treatment of this topic so far in terms of consistency and completeness of policies. Wherever formal approaches are used in policy alignment, these are applied to well-defined technical access control scenarios instead. Therefore, we aim at formalizing security policy alignment for complex socio-technical systems in this paper, and our formalization is based on predicates over sequences of actions. We discuss how this formalization provides the foundations for existing and future methods for finding security weaknesses induced by misalignment of policies in socio-technical systems. |
Year | DOI | Venue |
|---|---|---|
2013 | 10.1109/JSYST.2012.2221933 | Systems Journal, IEEE |
Keywords | DocType | Volume |
authorisation,formal specification,organisational aspects,complex socio-technical systems,door locks,employee behavior,firewalls,formal approach,organization,security policy alignment,security weaknesses,well-defined technical access control scenarios,Attack trees,security logics,security policies,security policy alignment,security policy refinement,socio-technical systems,system models | Journal | 7 |
Issue | ISSN | Citations |
2 | 1932-8184 | 11 |
PageRank | References | Authors |
0.88 | 16 | 3 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Wolter Pieters | 1 | 226 | 28.57 |
| Trajce Dimkov | 2 | 73 | 6.27 |
| D. Pavlović | 3 | 49 | 4.19 |