eScholarship
Open Access Publications from the University of California

College of Engineering

Computer Science, UC Davis

Your Security Policy is What??

  • Author(s): Bishop, Matt
  • Peisert, Sean
  • et al.
Abstract

Systems and infrastructure rarely enforce a site’s security policy precisely. Conversely, determining the policy (or policy components) that the systems and infrastructure do enforce is difficult because of the plethora of configuration files and systems at the site. We propose a way to unify these problems by applying a bi-directional method of enforcing and reverse-engineering system and infrastructure policy. The process uses a platform-independent intermediate policy representation (IPR) to bridge the gap between a high-level expression of policy and a machine-dependent system configuration. The result of these methods, shown along with a detailed example, is that both policy discovery and enforcement can be made into a much more rigorous process.
