Title: PCIEF: a policy conflict identification and evaluation framework

Authors: Vimalathithan Subramanian; Remzi Seker; Srini Ramaswamy; Rathinasamy B. Lenin

Addresses: Department of Integrated Computing, University of Arkansas at Little Rock, 2801 S University Avenue, EIT-579, Little Rock, AR-72204, USA ' Department of Electrical, Computer, Software, and Systems Engineering, Embry-Riddle Aeronautical University, 600 S Clyde Morris Blvd., Daytona Beach, FL 32114-3900, USA ' Industrial Software Systems, ABB India Corporate Research Center, Bangalore 560048, India ' Department of Mathematics, University of Central Arkansas, 201 Donaghey Avenue, Conway, AR 72035-0001, USA

Abstract: Information system security policies have grown in complexity and the emerging collaborative nature of business has created new challenges in creating and managing such policies. These policies address several domains ranging from access control to disaster recovery and depend not only on the business itself but on socio-political/legal requirements as well. Events like collaborative work or project-based organisational units result in the need to create a new information system security policy for the specific work/project, while maintaining status quo of existing policies. This requires identification and evaluation of existing policies to enable creating the new policy in line with the existing ones with acceptable deviations based on informed decisions. This paper provides a framework for capturing and converting security policies in terms of an XML format and further into alloy language format. Policies are converted to alloy format for performing further policy consistency analysis using Alloy Analyser.

Keywords: policy conflicts; policy inter-operation; computer security; information systems; information system security; policy evaluation; conflict identification; security policy; XML format; alloy language format; alloy format.

DOI: 10.1504/IJICS.2012.051090

International Journal of Information and Computer Security, 2012 Vol.5 No.1, pp.48 - 67

Published online: 30 Aug 2014 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article