Secure electronic commerce: building the infrastructure for digital signatures and encryption
Secure electronic commerce: building the infrastructure for digital signatures and encryption
Authentication metric analysis and design
ACM Transactions on Information and System Security (TISSEC)
Building Xml Applications
Good-Enough Security: Toward a Pragmatic Business-Driven Discipline
IEEE Internet Computing
Associating Metrics to Certification Paths
ESORICS '92 Proceedings of the Second European Symposium on Research in Computer Security
Modelling a Public-Key Infrastructure
ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
Policy formalization to combine separate systems into larger connected network of trust
net-Con '02 Proceedings of the IFIP TC6 / WG6.2 & WG6.7 Conference on Network Control and Engineering for QoS, Security and Mobility
A Policy Language for a Pervasive Computing Environment
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
SNDSS '95 Proceedings of the 1995 Symposium on Network and Distributed System Security (SNDSS'95)
A Logical Language for Expressing Authorizations
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Security Policy Reconciliation in Distributed Computing Environments
POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Looking Back at the Bell-La Padula Model
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
A formalisation and evaluation of certificate policies
Computer Communications
Self-optimization of secure web services
Computer Communications
Data-centric privacy protocol for intensive care grids
IEEE Transactions on Information Technology in Biomedicine
The CloudGrid approach: Security analysis and performance evaluation
Future Generation Computer Systems
Building autonomic and secure service oriented architectures with MAWeS
ATC'07 Proceedings of the 4th international conference on Autonomic and Trusted Computing
SIREN: a feasible moving target defence framework for securing resource-constrained embedded nodes
International Journal of Critical Computer-Based Systems
| Hi-index | 0.01 |
The security of complex infrastructures depends on many technical and organizational issues that need to be properly addressed by a security policy. For purpose of our discussion, we define a security policy as a document that states what is and what is not allowed in a system during normal operation; it consists of a set of rules that could be expressed in formal, semi-formal or very informal language. In many contexts, a system can be considered secure and trustworthy if the policy enforced by its security administrator is trustworthy too; from this standpoint it is possible to evaluate the system security by evaluating its policy. In this paper we present a policy-based methodology to formalize and compare policies, and a Security Metric to evaluate the security level that a system is able to grant. All the steps of the methodology will be illustrated with an operative approach, by directly applying it to a real case study: the semi-automated Cross Certification among Public Key Infrastructures.