Tuesday, 13 September 2011

Security Policies ..

Source: Maria Leitner, Stefanie Rinderle-Ma, and Juergen Mangler. Responsibility-driven Design and Development of Process-aware Security Policies. In Sixth International Conference on Availability, Reliability and Security. 2011.

** all information below is quoted directly from the source paper, none of this is in my own words **

Security policies are a set of principles that control which subject is allowed to access which object within an information system. In PAIS, however, security policies require a more detailed definition due to the multi-faceted characteristics of such systems. Specifically, security policies in PAIS might relate to access control, control flow, information flow, data integrity, and availability.

Security aspects in security policies:
Structural Aspect: denotes a set of data objects and tasks, and how they occur in a process model.
- Responsibilities: We define a responsibility r to be a piece of data or interrelated tasks from the point of a certain role.
Operational Aspect: denotes constraints on these data objects and tasks, for example during process execution. I.e. under which circumstances something is allowed.
- Permissions: define which operations (execute, monitor) are allowed for which security objects (process execution, process model change, service selection).


