Automated Management and Analysis of Security Policies using Eclipse

Abstract

The design of efficient and effective techniques for security policy analysis and management is a crucial open problem in modern information systems. The increasing complexity of current IT systems requires new techniques for designing access control policies. Thus, in order to ease the definition and management of access control policies, a tool chain that lets developers defining and managing security policies is needed. This tool chain can be used to support a model-driven approach to the definition and implementation of access control policies, in which the policies are refined in several steps in order to produce concrete security configurations. In this paper we present an extension of the PoSecCo Eclipse Policy Plug-in (PEPP), which provides to the users three different reasoning services for detecting anomalies in security policies. The reasoning services are based on Semantic Web and ontology management technologies, which offer an adequate basis for the realization of techniques able to support conflict analysis in security policies. The three services are: (a) Policy Incompatibility, (b) Redundancy Detection, and (c) Separation of Duty Conflicts Detection.