compliance - PolicyComplianceChecking...

Info iconThis preview shows pages 1–6. Sign up to view the full content.

View Full Document Right Arrow Icon
Policy Compliance Checking Slides from the PhD defense of  Dr. Vaibhav Gowadia
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Research Problems How can we model both high-level and low- level security policies in one framework? How can we determine whether the low-level  policy and current system configuration is  compliant to the high-level policy?
Background image of page 2
Example High-level policy Alice must provide read access to users in  group  Gamecocks  to access files on server  Hercules . Alice must protect the files on  Hercules   from unauthorized access
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Example Low-level Policy Give read access on all files hosted on  Hercules  to users in group  Gamecocks Deny access to all other users Add firewall rules to block access from  untrusted IP addresses
Background image of page 4
Compliance Checking  Framework High-level policy High-level policy KB – Ontology and Refinement Patterns (Concept-level): 1. Common to all 2. Domain-specific Report Report
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 6
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 12/13/2011 for the course CSCE 824 taught by Professor Staff during the Fall '11 term at South Carolina.

Page1 / 11

compliance - PolicyComplianceChecking...

This preview shows document pages 1 - 6. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online