Multidimensional Security Policies

Bojan Suzic

Research output: Book/Report › Commissioned report › Research

Abstract

The definition, evaluation and execution of security policies are typically oriented toward a particular organization and its internal infrastructure. In such a scenario, the conceptualization of security policies follows organizational processes and is aligned with them in terms of capabilities, applied data structures and communication interfaces. The transition to cloud and mobile technologies, which increasingly depend on inter-organizational connectivity and the collaboration of heterogeneous environments, introduces challenges to this approach. To be applicable in cross-platform and cross-system scenarios, security policies need to conform to the requirements of interoperability, which especially involve their structure, representation and abstraction level of conceptualization.
Hence, the policies need to be understandable and applicable beyond central premises and processes, taking a form that supports collaboration in distributed and heterogeneous environments.
The same applies to the entities and processes these policies deal with, as they too need to be understood out of context. The arrangement of these policies additionally needs to demonstrate advanced expressivity and the capability to support different dimensions of security requirements. These dimensions, depending on the particular scenario, might include contextual requirements, limitations, data security and legal aspects, as well as the capability to handle security level agreements and contract-based transactions.
The goal of this project is twofold. First, it aims to provide a brief analysis of integration processes and the application of security policies in cross-domain environments, reviewing the issues and establishing the requirements for interoperable and multidimensional policies. Second, it provides initial groundwork in the form of a framework that can be used to analyze, define, test and integrate security policies in multiple environments. This technical report presents both of these results, elaborating on additional aspects and features that enable their application below the definition and exchange of security policies.
Language: English
Publisher: Zentrum für sichere Informationstechnologie - Austria
Number of pages: 26
Status: Published - 2016

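Keywords

security policy, security policies, security enforcement, data privacy, oauth, xacml, distributed systems, cross-domain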

    Cite this

    Suzic, B. (2016). Multidimensional Security Policies. Zentrum für sichere Informationstechnologie - Austria.

    @book{d1f58c3b1aac40abae66d0b272ea7d9b,
    title = "Multidimensional Security Policies",
    keywords = "security policy, security policies, security enforcement, data privacy, oauth, xacml, distributed systems, cross-domain",
    author = "Bojan Suzic",
    year = "2016",
    language = "English",
    publisher = "Zentrum f{\"u}r sichere Informationstechnologie - Austria",
    address = "Austria",

    }
