HiPoLDS: a security policy language for distributed systems

Authors:
Matteo Dell'Amico;Gabriel Serme;Muhammad Sabir Idrees;Anderson Santana de Olivera;Yves Roudier
Affiliations:
Eurecom, Sophia-Antipolis, France;SAP Research, Sophia-Antipolis, France;Eurecom, Sophia-Antipolis, France;SAP Research, Sophia-Antipolis, France;Eurecom, Sophia-Antipolis, France
Venue:
WISTP'12 Proceedings of the 6th IFIP WG 11.2 international conference on Information Security Theory and Practice: security, privacy and trust in computing systems and ambient intelligent ecosystems
Year:
2012

Citing 13
Cited 0

Protecting privacy using the decentralized label model

ACM Transactions on Software Engineering and Methodology (TOSEM)
An algebra for composing access control policies

ACM Transactions on Information and System Security (TISSEC)
The Ponder Policy Specification Language

POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Verifiable composition of access control and application features

Proceedings of the tenth ACM symposium on Access control models and technologies
Harmless advice

Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Availability Enforcement by Obligations and Aspects Identification

ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
A Policy Language for Adaptive Web Services Security Framework

SNPD '07 Proceedings of the Eighth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing - Volume 01
Weaving rewrite-based access control policies

Proceedings of the 2007 ACM workshop on Formal methods in security engineering
An Operational Framework for Service Oriented Architecture Network Security

HICSS '08 Proceedings of the Proceedings of the 41st Annual Hawaii International Conference on System Sciences
SecPAL: Design and semantics of a decentralized authorization language

Journal of Computer Security - Digital Identity Management (DIM 2007)
ASLan++ -- a formal security specification language for distributed systems

FMCO'10 Proceedings of the 9th international conference on Formal Methods for Components and Objects
Evolving security requirements in multi-layered service-oriented-architectures

DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneus Security
Modular access control via strategic rewriting

ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Expressing security policies to govern distributed systems is a complex and error-prone task. Policies are hard to understand, often expressed with unfriendly syntax, making it difficult to security administrators and to business analysts to create intelligible specifications. We introduce the Hierarchical Policy Language for Distributed Systems (HiPoLDS ). HiPoLDS has been designed to enable the specification of security policies in distributed systems in a concise, readable, and extensible way. HiPoLDS's design focuses on decentralized execution environments under the control of multiple stakeholders. Policy enforcement employs distributed reference monitors who control the flow of information between services. HiPoLDS allows the definition of both abstract and concrete policies, expressing respectively high-level properties required and concrete implementation details to be ultimately introduced into the service implementation.