A Novel Model of Security Policies and Requirements

Preetam Mukherjee, Chandan Mazumdar

2015

Abstract

Controlling, monitoring, analyzing or enforcing the security of a system becomes complex because of the interplay among different security policies and requirements. Many security requirements overlap with one another, and they are not exhaustive in nature. For that reason, maintaining security requirements and designing optimal security controls is difficult and wastes valuable resources. Finding a set of mutually exclusive and exhaustive security requirements and canonical policies will indeed ease the security management job. With this motivation, in this paper we try to find a set of mutually exclusive and exhaustive security requirements. To do this, a small set of low-level security policy descriptions is proposed using Process Algebraic notions, by which all kinds of high-level security policies can be represented. Non-compliance with this new set of security policies gives rise to a set of security violations. These security violations are mutually exclusive and exhaustive, so all other security violations can be described by this basic set of security violations. From these security violations, a set of security requirements is determined. To preserve the security of any system, it is necessary and sufficient to maintain these requirements.


Paper Citation


in Harvard Style

Mukherjee P. and Mazumdar C. (2015). A Novel Model of Security Policies and Requirements. In Proceedings of the 1st International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-081-9, pages 73-82. DOI: 10.5220/0005239400730082

in Bibtex Style

@conference{icissp15,
author={Preetam Mukherjee and Chandan Mazumdar},
title={A Novel Model of Security Policies and Requirements},
booktitle={Proceedings of the 1st International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2015},
pages={73-82},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005239400730082},
isbn={978-989-758-081-9},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 1st International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - A Novel Model of Security Policies and Requirements
SN - 978-989-758-081-9
AU - Mukherjee P.
AU - Mazumdar C.
PY - 2015
SP - 73
EP - 82
DO - 10.5220/0005239400730082