Model-based validation of enterprise access policies
Bhatt, Sandeep; Horne, William; Pato, Joe; Rajagopalan, S. Raj; Rao, Prasad
HPL-2005-152R1
Keyword(s): security; access control; policy; validation
Abstract: Coordinating security seamlessly across an enterprise is a challenge. Enterprises deploy multiple access control mechanisms at different technology layers; each mechanism is painstakingly configured and maintained using specialized user interfaces, most likely by different administrators in different organizations at different sites, perhaps employing different notions of users and roles. This piecemeal approach makes security management labor-intensive and, therefore, expensive, error-prone and slow to adapt. We present a model-driven technique for automated policy-based access analysis. Based on the ideas presented in this paper, we have built a prototype, the Integrated Security Management (ISM) system which, given the security configurations of hosts, applications and network devices, automatically validates whether the enterprise is in compliance with high-level enterprise access policy. The system relies on composable models that capture the access control semantics of applications, middleware and devices, in a manner that enables efficient enterprise-scale analysis.
16 Pages