Multidimensional Security Policies

Bojan Suzic

Research output: Book/Report › Commissioned report

Abstract

The definition, evaluation and execution of security policies are typically oriented toward a particular organization and its internal infrastructure. In such a scenario, the conceptualization of security policies follows organizational processes and is aligned with them in terms of capabilities, applied data structures and communication interfaces. The transition to cloud and mobile technologies, which increasingly depend on inter-organizational connectivity and the collaboration of heterogeneous environments, introduces challenges to this approach. To be applicable in cross-platform and cross-system scenarios, security policies need to conform to the requirements of interoperability, which especially concern their structure, representation and abstraction level of conceptualization.
Hence, the policies need to be understood and applicable beyond central premises and processes, taking a form that supports collaboration in distributed and heterogeneous environments.
The same applies to the entities and processes these policies deal with, as they need to be understood out of context as well. The arrangement of these policies additionally needs to demonstrate advanced expressivity and the capability to support different dimensions of security requirements. These dimensions, depending on the particular scenario, might include contextual requirements, limitations, data security and legal aspects, as well as the capability to handle security level agreements and contract-based transactions.
The goal of this project is twofold. First, it aims to provide a brief analysis of integration processes and the application of security policies in cross-domain environments, reviewing the issues and establishing the requirements for interoperable and multidimensional policies. Second, this project provides initial groundwork in the form of a framework that can be used to analyze, define, test and integrate security policies in multiple environments. This technical report hence presents both of these results, elaborating on additional aspects and features that enable their application below the definition and exchange of security policies.
Original language: English
Publisher: Zentrum für sichere Informationstechnologie - Austria
Number of pages: 26
Publication status: Published - 2016
